eCh0raix Analysis

💳 Purchase Required

You need to purchase an additional CTI license to see detailed indicators.

IOB - Indicator of Behavior (277)

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Lang

en	232
ru	44
sv	2

Country

sc	166
us	26
ru	22
pl	22
li	18

Actors

eCh0raix	3
Mirai	3
Cobalt Strike	2
Raccoon	2
QNAPCrypt	2

Activities

Interest

Timeline

Type

Not Defined	92
Firewall Software	20
Content Management System	10
Database Administration Software	10
Operating System	10

Vendor

Not Defined	88
Cisco	14
Microsoft	14
Apache	10
Google	10

Product

phpMyAdmin	10
F5 BIG-IP	8
Cisco ASA	8
Apache HTTP Server	6
Cisco Firepower Threat Defense	6

Vulnerabilities

#	Vulnerability	Base	Temp	0day	Today	Exp	Rem	EPSS	CTI	CVE
1	spring-boot-actuator-logview LogViewEndpoint.view path traversal	5.5	5.5	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00049	0.05	CVE-2023-29986
2	Apache HTTP Server response splitting	5.3	5.1	$5k-$25k	$5k-$25k	Not Defined	Not Defined	0.00045	0.04	CVE-2023-38709
3	phpMyAdmin PMA_safeUnserialize deserialization	9.8	9.6	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.00433	0.00	CVE-2016-9865
4	nginx request smuggling	6.9	6.9	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00241	3.16	CVE-2020-12440
5	phpMyAdmin cross site scripting	3.5	3.4	$0-$5k	$0-$5k	High	Official Fix	0.00348	0.02	CVE-2014-8958
6	Jetty URI access control	5.3	5.3	$0-$5k	$0-$5k	Not Defined	Official Fix	0.47555	0.00	CVE-2021-34429
7	Alt-N MDaemon Worldclient injection	4.9	4.7	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.00090	0.06	CVE-2021-27182
8	phpMyAdmin ArbitraryServerRegexp Reuse 7pk security	9.8	9.4	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.00366	0.04	CVE-2016-6629
9	phpMyAdmin Unserialization unserialize deserialization	9.8	9.6	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.00965	0.00	CVE-2016-6620
10	phpMyAdmin Central Column Query central_columns.lib.php sql injection	9.8	9.6	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.00322	0.00	CVE-2016-5703
11	phpMyAdmin Git Information GitRevision.php Remote Code Execution	9.8	9.6	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.00190	0.04	CVE-2019-19617
12	phpMyAdmin Redirect php weakness	4.3	4.1	$5k-$25k	$0-$5k	High	Official Fix	0.00247	0.02	CVE-2014-9219
13	phpMyAdmin import.php cross site scripting	4.3	4.1	$5k-$25k	$0-$5k	High	Official Fix	0.00150	0.02	CVE-2014-1879
14	portable SDK for UPnP unique_service_name memory corruption	10.0	9.5	$0-$5k	$0-$5k	High	Official Fix	0.97445	0.00	CVE-2012-5958
15	ApolloTheme AP PageBuilder cross site scripting	4.8	4.6	$0-$5k	$0-$5k	Proof-of-Concept	Not Defined	0.00075	0.04	CVE-2022-44897
16	InfluxDB JWT Token handler.go improper authentication	8.0	7.7	$0-$5k	$0-$5k	Not Defined	Official Fix	0.04913	0.02	CVE-2019-20933
17	Seltmann Content Management System index.php sql injection	7.6	7.4	$0-$5k	$0-$5k	Proof-of-Concept	Not Defined	0.00139	0.00	CVE-2022-47740
18	CKFinder File Name unrestricted upload	7.4	7.4	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00155	0.04	CVE-2019-15862
19	Thomas R. Pasawicz HyperBook Guestbook Password Database gbconfiguration.dat Hash information disclosure	5.3	5.2	$5k-$25k	$0-$5k	High	Workaround	0.02016	0.02	CVE-2007-1192
20	Asus RT-AC2900 input validation	8.5	8.2	$0-$5k	$0-$5k	Not Defined	Official Fix	0.08597	0.02	CVE-2018-8826

IOC - Indicator of Compromise (10)

These indicators of compromise highlight associated network ressources which are known to be part of research and attack activities.

ID	IP address	Hostname	Actor	Identified	Type	Confidence
1	2.37.149.230	net-2-37-149-230.cust.vodafonedsl.it	eCh0raix	08/10/2022	verified	High
2	64.42.152.46	bern-wstd-gw.wireless.nmia.com	eCh0raix	08/10/2022	verified	High
3	XX.XXX.XX.XX	xxx-xx-xxx-xx-xx.xx.xxx.xx.xxx	Xxxxxxxx	08/10/2022	verified	High
4	XXX.XX.XXX.XX		Xxxxxxxx	08/10/2022	verified	High
5	XXX.XXX.XX.XX		Xxxxxxxx	08/10/2022	verified	High
6	XXX.XX.XX.XX	xxxxxxxx.xxxxxxx.xxx.xxxxx-xxx.xx.xx	Xxxxxxxx	08/10/2022	verified	High
7	XXX.XX.XX.XX	xx.xx.xx.xxx.xx.xxx.xx	Xxxxxxxx	08/10/2022	verified	High
8	XXX.XXX.XXX.XXX	xx-xxxx.xxxxxxxxxxxxx.xxx	Xxxxxxxx	08/10/2022	verified	High
9	XXX.XXX.XXX.XXX	xxxxxxxx.xxxx.xxxxxx.xxx	Xxxxxxxx	06/22/2022	verified	High
10	XXX.XX.XXX.XX	xxxx.xx-xxx-xx-xxx.xxx	Xxxxxxxx	07/17/2019	verified	High

TTP - Tactics, Techniques, Procedures (18)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

ID	Technique	Class	Vulnerabilities	Access Vector	Type	Confidence
1	T1006	CAPEC-126	CWE-22, CWE-23	Path Traversal	predictive	High
2	T1055	CAPEC-10	CWE-74	Improper Neutralization of Data within XPath Expressions	predictive	High
3	T1059	CAPEC-242	CWE-94	Argument Injection	predictive	High
4	T1059.007	CAPEC-209	CWE-79, CWE-80	Cross Site Scripting	predictive	High
5	TXXXX	CAPEC-122	CWE-XXX, CWE-XXX, CWE-XXX, CWE-XXX	Xxxxxxxxx Xxxx Xxxxxxxxxxx Xxxxxxxxxx	predictive	High
6	TXXXX	CAPEC-136	CWE-XX, CWE-XX	Xxxxxxx Xxxxx Xx Xxxxxxxxxx Xxxxxxxxxx Xxxxxxxxx	predictive	High
7	TXXXX	CAPEC-0	CWE-XXX	7xx Xxxxxxxx Xxxxxxxx	predictive	High
8	TXXXX	CAPEC-1	CWE-XXX, CWE-XXX	Xxxxxxxxxx Xxxxxx	predictive	High
9	TXXXX	CAPEC-108	CWE-XX	Xxx Xxxxxxxxx	predictive	High
10	TXXXX.XXX	CAPEC-1	CWE-XXX	Xxxxxxxx Xxxxxxxxxxxxx	predictive	High
11	TXXXX	CAPEC-55	CWE-XXX, CWE-XXX, CWE-XXX	Xxxxxxxxxxx Xxxxxxxxxx	predictive	High
12	TXXXX	CAPEC-37	CWE-XXX	Xxxxxxxxx Xxxxxxx Xx Xxxxxxxxx Xxxxxxxxxxx	predictive	High
13	TXXXX.XXX	CAPEC-154	CWE-XXX	Xxxxxxxxxxxx	predictive	High
14	TXXXX	CAPEC-38	CWE-XXX	Xxxxxxxxx Xxxxxx Xxxx	predictive	High
15	TXXXX	CAPEC-116	CWE-XXX, CWE-XXX, CWE-XXX	Xxxxxxxxxx Xx Xxxxxxx Xxxxx Xxxxxxx Xxxxxxxxx Xxxxxxxxxxx	predictive	High
16	TXXXX	CAPEC-157	CWE-XXX, CWE-XXX	Xxxxxxxxxxxxx Xxxxxx	predictive	High
17	TXXXX.XXX	CAPEC-112	CWE-XXX, CWE-XXX	Xxx Xxxxxxxxxx Xxxxx	predictive	High
18	TXXXX.XXX	CAPEC-1	CWE-XXX	Xxxxxxxxxx Xxxxxxxxxxxxxx Xx Xxxxxxxx Xxxx Xxxxxxxxx	predictive	High

IOA - Indicator of Attack (80)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID	Class	Indicator	Type	Confidence
1	File	/admin/sysmon.php	predictive	High
2	File	/api/content/posts/comments	predictive	High
3	File	/debug/pprof	predictive	Medium
4	File	/Home/GetAttachment	predictive	High
5	File	/index.php	predictive	Medium
6	File	/modules/projects/vw_files.php	predictive	High
7	File	/opt/teradata/gsctools/bin/t2a.pl	predictive	High
8	File	/webman/info.cgi	predictive	High
9	File	account/gallery.php	predictive	High
10	File	xxxxxx.xxx	predictive	Medium
11	File	xxxxx/xxxxxx.xxx	predictive	High
12	File	xxx-xxx/xxxx_xxx.xxx	predictive	High
13	File	xxxxxx.x	predictive	Medium
14	File	xxxx/xxxxxxxxxxxxxxx.xxx	predictive	High
15	File	xxxx/xxxx	predictive	Medium
16	File	xxxxxx_xxx.x	predictive	Medium
17	File	xxxxxxxxxxxxxx.xx	predictive	High
18	File	xxx_xxx.xxx	predictive	Medium
19	File	xxx.xxxxx	predictive	Medium
20	File	xx/xxxxxxx/xxx.x	predictive	High
21	File	xxxxxx.xxx	predictive	Medium
22	File	xxx/xxxxxx.xxx	predictive	High
23	File	xxx/xx/xxxx/xxxx.xxxxx.xxx	predictive	High
24	File	xxxxx.xxx	predictive	Medium
25	File	xxxxxx.x	predictive	Medium
26	File	xxxxxxxx.xxx	predictive	Medium
27	File	xxxxxxxxx/xxxxxxx/xxxxxxx/xxxxxxxxxxx.xxx	predictive	High
28	File	xxxxxxxxxxxx/xxx.x	predictive	High
29	File	xxx_xxxxxxxxx.x	predictive	High
30	File	xxxxxxx.xxx	predictive	Medium
31	File	xxx_xxxxx_xxxx.x	predictive	High
32	File	xxxxxxx/xxxx	predictive	Medium
33	File	xxx/xxxxx.xxxx	predictive	High
34	File	xxxxxxx.xxx	predictive	Medium
35	File	xxxxxxxxxxxxxxxxxxxxx.xxxx	predictive	High
36	File	xxxxxxxxxxxxxxxxxxxxx.xxxx	predictive	High
37	File	xxxxxxx.xxx	predictive	Medium
38	File	xxxxxxxx_xxxxxxxxxxxx_xxxxxx.xx	predictive	High
39	File	xxx_xxxxx_xxxxxxxxx.x	predictive	High
40	File	xxxxxxxx/xxxxx/xxxxxxx.xx	predictive	High
41	File	xxxxxxxx/xxxx/xxxx.xxx?xxxxxx=xxxxxxxxxxxxxxxx	predictive	High
42	File	xxxxx.xxx	predictive	Medium
43	File	xxxx_xxxxxxx_xxxxxxxx.xxx	predictive	High
44	File	xxxxxxxxxxxxxxx.xxx	predictive	High
45	File	xxxxxxxx/xxxxxxxxxxxx-xxxxxxxxxx	predictive	High
46	File	xxxxxx/xxxxxxx/xxxxxx/xxxxxxxx.xxx	predictive	High
47	File	xxxx.xxx	predictive	Medium
48	File	xxx xxxx xxxxxxx	predictive	High
49	File	xx-xxxxxxxx/xxxxx-xx-xxxxx.xxx	predictive	High
50	File	xxxx.xx	predictive	Low
51	Library	xxx-xx-xxx-xxxx-xxxx-xx-x-x.xxx	predictive	High
52	Library	xxxxxxxxx/xxxxxxx_xxxxxxx.xxx.xxx	predictive	High
53	Argument	-x	predictive	Low
54	Argument	xxxxxxxxxxxxxx	predictive	High
55	Argument	xxxxxxxx	predictive	Medium
56	Argument	xxx_xx	predictive	Low
57	Argument	xxxx	predictive	Low
58	Argument	xxxxx	predictive	Low
59	Argument	xxxxxx/xxxxxxx	predictive	High
60	Argument	xxxxxxxx[xxxx_xxx]	predictive	High
61	Argument	xxxxxxxx xxxx/xxxxxxxx xxxxxxxx/xxxxxxxx xxxxxxx xx/xxxxxxx/xxxx	predictive	High
62	Argument	xxxx/xxxxxx/xxx	predictive	High
63	Argument	xx	predictive	Low
64	Argument	xxxxxxxx	predictive	Medium
65	Argument	xxxxxxxxxx	predictive	Medium
66	Argument	xxxx_xxx_xxxxxxxx_xxx	predictive	High
67	Argument	xxxxxxx	predictive	Low
68	Argument	xxxxx/xxxxxxxx	predictive	High
69	Argument	xxxxx	predictive	Low
70	Argument	xxxx_xxxxxx	predictive	Medium
71	Argument	xx_xxx_xxxxx	predictive	Medium
72	Argument	xxxxxxxxxxxxxxxx	predictive	High
73	Argument	xxx	predictive	Low
74	Argument	xxxxxxxx	predictive	Medium
75	Argument	xxxxxxxx	predictive	Medium
76	Input Value	../	predictive	Low
77	Input Value	\x	predictive	Low
78	Network Port	xxx/xx	predictive	Low
79	Network Port	xxx/xxx	predictive	Low
80	Network Port	xxx/xxxx	predictive	Medium

References (4)

The following list contains external sources which discuss the actor and the associated activities:

◂ PreviousOverviewNext ▸

Might our Artificial Intelligence support you?

Check our Alexa App!