eCh0raix Analysis

💳 Purchase Required

You need to purchase an additional CTI license to see detailed indicators.

IOB - Indicator of Behavior (217)

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Lang

en	192
ru	26

Country

sc	140
ru	28
us	14
li	10
gb	6

Actors

eCh0raix	3
Mirai	3
Cobalt Strike	2
Raccoon	2
QNAPCrypt	2

Activities

Interest

Timeline

Type

Not Defined	94
Operating System	14
SCADA Software	10
Content Management System	10
Web Browser	6

Vendor

Not Defined	78
Microsoft	12
Google	10
Siemens	10
Oracle	4

Product

Microsoft Windows	10
Google Chrome	6
Google Android	4
Siemens SPPA-T3000 MS3000 Migration Server	4
Qualcomm Snapdragon Mobile	4

Vulnerabilities

#	Vulnerability	Base	Temp	0day	Today	Exp	Rem	CTI	EPSS	CVE
1	Jetty URI access control	5.3	5.3	$0-$5k	$0-$5k	Not Defined	Official Fix	0.03	0.40995	CVE-2021-34429
2	portable SDK for UPnP unique_service_name memory corruption	10.0	9.5	$0-$5k	$0-$5k	High	Official Fix	0.03	0.97462	CVE-2012-5958
3	ApolloTheme AP PageBuilder cross site scripting	4.8	4.6	$0-$5k	$0-$5k	Proof-of-Concept	Not Defined	0.03	0.00046	CVE-2022-44897
4	InfluxDB JWT Token handler.go improper authentication	8.0	7.7	$0-$5k	$0-$5k	Not Defined	Official Fix	0.04	0.03528	CVE-2019-20933
5	Seltmann Content Management System index.php sql injection	7.6	7.4	$0-$5k	$0-$5k	Proof-of-Concept	Not Defined	0.00	0.00076	CVE-2022-47740
6	CKFinder File Name unrestricted upload	7.4	7.4	$0-$5k	$0-$5k	Not Defined	Not Defined	0.04	0.00155	CVE-2019-15862
7	Thomas R. Pasawicz HyperBook Guestbook Password Database gbconfiguration.dat Hash information disclosure	5.3	5.2	$5k-$25k	$0-$5k	High	Workaround	0.00	0.01806	CVE-2007-1192
8	Asus RT-AC2900 input validation	8.5	8.2	$0-$5k	$0-$5k	Not Defined	Official Fix	0.05	0.14395	CVE-2018-8826
9	GitLab Community Edition/Enterprise Edition Permission permission assignment	5.3	5.3	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00	0.00054	CVE-2019-18446
10	phpMyAdmin PMA_safeUnserialize deserialization	9.8	9.6	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.05	0.00433	CVE-2016-9865
11	phpMyAdmin Username sql injection	7.5	7.3	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.03	0.00326	CVE-2016-9864
12	QNAP Multimedia Console/QTS/Media Streaming Add-on command injection	8.5	8.3	$0-$5k	$0-$5k	Not Defined	Official Fix	0.04	0.00067	CVE-2023-23369
13	Libbitcoin Explorer Milk Sad entropy	5.3	5.3	$0-$5k	$0-$5k	High	Not Defined	0.05	0.00116	CVE-2023-39910
14	WP Mail SMTP Pro Plugin is_print_page authorization	4.8	4.7	$0-$5k	$0-$5k	Not Defined	Not Defined	0.05	0.00052	CVE-2023-3213
15	Microsoft ASP.NET Core Kestrel Web Application password recovery	8.0	7.9	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.08	0.01406	CVE-2018-0787
16	KeyCloak Admin REST API injection	3.5	3.4	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00	0.00045	CVE-2022-1274
17	Mikrotik RouterOS SNMP out-of-bounds	8.0	7.7	$0-$5k	$0-$5k	Proof-of-Concept	Official Fix	0.00	0.00160	CVE-2022-45315
18	Schneider Electric Modicon PLC Project File unusual condition	6.5	6.3	$0-$5k	$0-$5k	Not Defined	Official Fix	0.04	0.00044	CVE-2023-25620
19	Kubernetes kubelet pprof information disclosure	7.7	7.4	$0-$5k	$0-$5k	Not Defined	Official Fix	0.08	0.72895	CVE-2019-11248
20	SheetJS Pro XLSX Document xlsx.js resource consumption	3.5	3.4	$0-$5k	$0-$5k	Not Defined	Official Fix	0.06	0.00057	CVE-2021-32014

IOC - Indicator of Compromise (10)

These indicators of compromise highlight associated network ressources which are known to be part of research and attack activities.

ID	IP address	Hostname	Actor	Identified	Type	Confidence
1	2.37.149.230	net-2-37-149-230.cust.vodafonedsl.it	eCh0raix	08/10/2022	verified	High
2	64.42.152.46	bern-wstd-gw.wireless.nmia.com	eCh0raix	08/10/2022	verified	High
3	XX.XXX.XX.XX	xxx-xx-xxx-xx-xx.xx.xxx.xx.xxx	Xxxxxxxx	08/10/2022	verified	High
4	XXX.XX.XXX.XX		Xxxxxxxx	08/10/2022	verified	High
5	XXX.XXX.XX.XX		Xxxxxxxx	08/10/2022	verified	High
6	XXX.XX.XX.XX	xxxxxxxx.xxxxxxx.xxx.xxxxx-xxx.xx.xx	Xxxxxxxx	08/10/2022	verified	High
7	XXX.XX.XX.XX	xx.xx.xx.xxx.xx.xxx.xx	Xxxxxxxx	08/10/2022	verified	High
8	XXX.XXX.XXX.XXX	xx-xxxx.xxxxxxxxxxxxx.xxx	Xxxxxxxx	08/10/2022	verified	High
9	XXX.XXX.XXX.XXX	xxxxxxxx.xxxx.xxxxxx.xxx	Xxxxxxxx	06/22/2022	verified	High
10	XXX.XX.XXX.XX	xxxx.xx-xxx-xx-xxx.xxx	Xxxxxxxx	07/17/2019	verified	High

TTP - Tactics, Techniques, Procedures (17)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

ID	Technique	Vulnerabilities	Access Vector	Type	Confidence
1	T1006	CWE-22, CWE-23	Pathname Traversal	predictive	High
2	T1055	CWE-74	Injection	predictive	High
3	T1059	CWE-94	Cross Site Scripting	predictive	High
4	T1059.007	CWE-79, CWE-80	Cross Site Scripting	predictive	High
5	TXXXX	CWE-XXX, CWE-XXX, CWE-XXX	X2xx Xxxxxxxxxxxxxxxx: Xxxx Xxxxxx Xxxxxxxxxxx Xxx Xxx Xxxxxxx	predictive	High
6	TXXXX	CWE-XX, CWE-XX	Xxxxxxx Xxxxxxxxx	predictive	High
7	TXXXX	CWE-XXX, CWE-XXX	Xxxxxxxxxx Xxxxxx	predictive	High
8	TXXXX	CWE-XX	Xxx Xxxxxxxxx	predictive	High
9	TXXXX.XXX	CWE-XXX	Xxxxxxxx Xxxxxxxxxxxxx	predictive	High
10	TXXXX	CWE-XXX, CWE-XXX, CWE-XXX	Xxx.xxx Xxxxxxxxxxxxxxxx: Xxxxxxxx Xx Xxxxxxxxxxxxx Xxxx	predictive	High
11	TXXXX	CWE-XXX	Xxxxxxxxx Xxxxxxx Xx Xxxxxxxxx Xxxxxxxxxxx	predictive	High
12	TXXXX.XXX	CWE-XXX	Xxxxxxxxxxxx	predictive	High
13	TXXXX	CWE-XXX	Xxxxxxxxx Xxxxxx Xxxx	predictive	High
14	TXXXX	CWE-XXX, CWE-XXX	Xxxxxxxxxxxxx	predictive	High
15	TXXXX	CWE-XXX, CWE-XXX	X2xx Xxxxxxxxxxxxxxxx: Xxxx Xxxxxxxxxxxx Xxxxxxx Xxxxxxxxxx	predictive	High
16	TXXXX.XXX	CWE-XXX, CWE-XXX	Xxx Xxxxxxxxxx Xxxxx	predictive	High
17	TXXXX.XXX	CWE-XXX	Xxxxxxxxxxxx Xxxxxx	predictive	High

IOA - Indicator of Attack (77)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID	Class	Indicator	Type	Confidence
1	File	/admin/sysmon.php	predictive	High
2	File	/api/content/posts/comments	predictive	High
3	File	/debug/pprof	predictive	Medium
4	File	/Home/GetAttachment	predictive	High
5	File	/index.php	predictive	Medium
6	File	/modules/projects/vw_files.php	predictive	High
7	File	/opt/teradata/gsctools/bin/t2a.pl	predictive	High
8	File	/webman/info.cgi	predictive	High
9	File	account/gallery.php	predictive	High
10	File	xxxxxx.xxx	predictive	Medium
11	File	xxxxx/xxxxxx.xxx	predictive	High
12	File	xxx-xxx/xxxx_xxx.xxx	predictive	High
13	File	xxxxxx.x	predictive	Medium
14	File	xxxx/xxxxxxxxxxxxxxx.xxx	predictive	High
15	File	xxxx/xxxx	predictive	Medium
16	File	xxxxxx_xxx.x	predictive	Medium
17	File	xxxxxxxxxxxxxx.xx	predictive	High
18	File	xxx_xxx.xxx	predictive	Medium
19	File	xxx.xxxxx	predictive	Medium
20	File	xx/xxxxxxx/xxx.x	predictive	High
21	File	xxx/xxxxxx.xxx	predictive	High
22	File	xxx/xx/xxxx/xxxx.xxxxx.xxx	predictive	High
23	File	xxxxx.xxx	predictive	Medium
24	File	xxxxxx.x	predictive	Medium
25	File	xxxxxxxx.xxx	predictive	Medium
26	File	xxxxxxxxxxxx/xxx.x	predictive	High
27	File	xxx_xxxxxxxxx.x	predictive	High
28	File	xxxxxxx.xxx	predictive	Medium
29	File	xxx_xxxxx_xxxx.x	predictive	High
30	File	xxxxxxx/xxxx	predictive	Medium
31	File	xxx/xxxxx.xxxx	predictive	High
32	File	xxxxxxx.xxx	predictive	Medium
33	File	xxxxxxxxxxxxxxxxxxxxx.xxxx	predictive	High
34	File	xxxxxxxxxxxxxxxxxxxxx.xxxx	predictive	High
35	File	xxxxxxx.xxx	predictive	Medium
36	File	xxxxxxxx_xxxxxxxxxxxx_xxxxxx.xx	predictive	High
37	File	xxx_xxxxx_xxxxxxxxx.x	predictive	High
38	File	xxxxxxxx/xxxxx/xxxxxxx.xx	predictive	High
39	File	xxxxxxxx/xxxx/xxxx.xxx?xxxxxx=xxxxxxxxxxxxxxxx	predictive	High
40	File	xxxxx.xxx	predictive	Medium
41	File	xxxx_xxxxxxx_xxxxxxxx.xxx	predictive	High
42	File	xxxxxxxxxxxxxxx.xxx	predictive	High
43	File	xxxxxxxx/xxxxxxxxxxxx-xxxxxxxxxx	predictive	High
44	File	xxxxxx/xxxxxxx/xxxxxx/xxxxxxxx.xxx	predictive	High
45	File	xxxx.xxx	predictive	Medium
46	File	xxx xxxx xxxxxxx	predictive	High
47	File	xx-xxxxxxxx/xxxxx-xx-xxxxx.xxx	predictive	High
48	File	xxxx.xx	predictive	Low
49	Library	xxx-xx-xxx-xxxx-xxxx-xx-x-x.xxx	predictive	High
50	Argument	-x	predictive	Low
51	Argument	xxxxxxxxxxxxxx	predictive	High
52	Argument	xxxxxxxx	predictive	Medium
53	Argument	xxx_xx	predictive	Low
54	Argument	xxxx	predictive	Low
55	Argument	xxxxx	predictive	Low
56	Argument	xxxxxx/xxxxxxx	predictive	High
57	Argument	xxxxxxxx[xxxx_xxx]	predictive	High
58	Argument	xxxxxxxx xxxx/xxxxxxxx xxxxxxxx/xxxxxxxx xxxxxxx xx/xxxxxxx/xxxx	predictive	High
59	Argument	xxxx/xxxxxx/xxx	predictive	High
60	Argument	xx	predictive	Low
61	Argument	xxxxxxxx	predictive	Medium
62	Argument	xxxxxxxxxx	predictive	Medium
63	Argument	xxxx_xxx_xxxxxxxx_xxx	predictive	High
64	Argument	xxxxxxx	predictive	Low
65	Argument	xxxxx/xxxxxxxx	predictive	High
66	Argument	xxxxx	predictive	Low
67	Argument	xxxx_xxxxxx	predictive	Medium
68	Argument	xx_xxx_xxxxx	predictive	Medium
69	Argument	xxxxxxxxxxxxxxxx	predictive	High
70	Argument	xxx	predictive	Low
71	Argument	xxxxxxxx	predictive	Medium
72	Argument	xxxxxxxx	predictive	Medium
73	Input Value	../	predictive	Low
74	Input Value	\x	predictive	Low
75	Network Port	xxx/xx	predictive	Low
76	Network Port	xxx/xxx	predictive	Low
77	Network Port	xxx/xxxx	predictive	Medium

References (4)

The following list contains external sources which discuss the actor and the associated activities:

◂ PreviousOverviewNext ▸

Do you need the next level of professionalism?

Upgrade your account now!