Echobot Analysis

IOB - Indicator of Behavior (57)


Lang

en: 56
fr: 2

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way.


Activities


Product

Cisco ASA: 4
Microsoft Windows: 4
OpenSSH: 2
WordPress: 2
Asus GT-AX11000: 2

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way.

Vulnerabilities

# | Vulnerability | Base | Temp | 0day | Today | Exp | Rem | EPSS | CTI | CVE
1 | DZCP deV!L`z Clanportal config.php code injection | 7.3 | 6.6 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.02820 | 0.34 | CVE-2010-0966
2 | Apple Mac OS X TCP/IP Stack denial of service | 5.3 | 5.1 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.02510 | 0.02 | CVE-2004-0171
3 | Microsoft IIS IP/Domain Restriction access control | 6.5 | 5.7 | $25k-$100k | $0-$5k | Unproven | Official Fix | 0.00817 | 0.02 | CVE-2014-4078
4 | Thomas R. Pasawicz HyperBook Guestbook Password Database gbconfiguration.dat Hash information disclosure | 5.3 | 5.2 | $5k-$25k | Calculating | High | Workaround | 0.03828 | 0.00 | CVE-2007-1192
5 | FUSE fusermount access control | 6.5 | 6.7 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.00146 | 0.06 | CVE-2018-10906
6 | Asus GT-AX11000 CAPTCHA excessive authentication | 3.7 | 3.6 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.01556 | 0.02 | CVE-2021-41435
7 | Oracle GlassFish Server Java Server Faces path traversal | 5.3 | 4.8 | $5k-$25k | $0-$5k | Proof-of-Concept | Official Fix | 0.58063 | 0.03 | CVE-2013-3827
8 | Microsoft Windows win32k.sys access control | 7.3 | 7.2 | $25k-$100k | $0-$5k | Proof-of-Concept | Official Fix | 0.00349 | 0.00 | CVE-2013-1340
9 | PHPSHE pay.php sql injection | 8.5 | 8.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00512 | 0.00 | CVE-2019-9762
10 | Microsoft IIS uncpath cross site scripting | 5.2 | 5.0 | $5k-$25k | $0-$5k | Proof-of-Concept | Official Fix | 0.31138 | 0.04 | CVE-2017-0055
11 | IPTV Smarters Web TV Player Upload unrestricted upload | 8.5 | 8.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.01219 | 0.05 | CVE-2020-9380
12 | Microsoft Windows Background Intelligent Transfer Service information disclosure | 3.3 | 3.3 | $25k-$100k | $0-$5k | Not Defined | Workaround | 0.00000 | 0.00 |
13 | NetworkManager AdHoc Mode missing authentication | 4.4 | 4.3 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00055 | 0.00 | CVE-2012-2736
14 | jforum username User input validation | 5.3 | 5.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00318 | 0.04 | CVE-2019-7550
15 | Citrix NetScaler ADC/NetScaler Gateway information disclosure | 7.4 | 7.2 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00224 | 0.00 | CVE-2018-6808
16 | Citrix NetScaler ADC/NetScaler Gateway SSH Login Prompt command injection | 7.4 | 7.2 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00112 | 0.00 | CVE-2018-5314
17 | Cisco ASA WebVPN Login Page resource management | 4.3 | 4.1 | $5k-$25k | $0-$5k | High | Official Fix | 0.01066 | 0.00 | CVE-2014-2124
18 | Cisco ASA WebVPN Login Page logon.html cross site scripting | 5.3 | 5.2 | $5k-$25k | $0-$5k | High | Official Fix | 0.00871 | 0.03 | CVE-2014-2120
19 | WordPress wp-trackback.php sql injection | 7.3 | 6.6 | $5k-$25k | $0-$5k | Proof-of-Concept | Not Defined | 0.04942 | 0.05 | CVE-2007-0233
20 | PHP PHP-FPM resource consumption | 5.9 | 5.8 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00576 | 0.00 | CVE-2015-9253

IOC - Indicator of Compromise (5)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

ID | IP address | Hostname | Actor | Campaigns | Identified | Type | Confidence
1 | 5.59.249.236 | | Echobot | | 09/22/2024 | verified | Very High
2 | XX.XX.XXX.XXX | | Xxxxxxx | | 10/20/2023 | verified | High
3 | XX.XX.XX.XXX | | Xxxxxxx | | 10/20/2023 | verified | High
4 | XX.XX.XX.XXX | | Xxxxxxx | | 10/20/2023 | verified | High
5 | XXX.XXX.XXX.XXX | | Xxxxxxx | | 10/20/2023 | verified | High

TTP - Tactics, Techniques, Procedures (11)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IOA - Indicator of Attack (26)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID | Class | Indicator | Type | Confidence
1 | File | /+CSCOE+/logon.html | predictive | High
2 | File | /download | predictive | Medium
3 | File | /forum/away.php | predictive | High
4 | File | /uncpath/ | predictive | Medium
5 | File | xxxxxxxxxxx.xxx | predictive | High
6 | File | xxxx/xxxxxxxxxxxxxxx.xxx | predictive | High
7 | File | xxxxxxxxxxxxx.xxx | predictive | High
8 | File | xxx/xxxxxx.xxx | predictive | High
9 | File | xxxxxxx/xxxxxx/xxxxxxx/xxxxxx/xxx.xxx | predictive | High
10 | File | xxxxxxxx/xxxxx/xxxxxxxx?xxxxxxxx | predictive | High
11 | File | xxxxx.xxx | predictive | Medium
12 | File | xxxxxx.xxx | predictive | Medium
13 | File | xx-xxxxx/xxxxx-xxxx.xxx | predictive | High
14 | File | xx-xxxxxxxxx.xxx | predictive | High
15 | Argument | xxxxxxxx | predictive | Medium
16 | Argument | xxxxx | predictive | Low
17 | Argument | xxxxxxxx | predictive | Medium
18 | Argument | xx | predictive | Low
19 | Argument | xxxx | predictive | Low
20 | Argument | xxxxxxxx | predictive | Medium
21 | Argument | xxxx_xxxx | predictive | Medium
22 | Argument | xxxxxx_xxxx | predictive | Medium
23 | Argument | xx_xx | predictive | Low
24 | Argument | xxxxxxxx | predictive | Medium
25 | Argument | xxxxxxxx/xxxx | predictive | High
26 | Network Port | xxx/xxx (xxx) | predictive | High
