Amadey Bot Analysis

IOB - Indicator of Behavior (134)

Language

en: 108
ru: 12
fr: 4
jp: 2
pl: 2

Country

ru: 76
us: 14
de: 2
fr: 2

Product

D-Link DWL-6610: 6
D-Link DI-7200G V2.E1: 6
Dolibarr ERP CRM: 6
Croc: 4
NVIDIA DGX H100 BMC: 4

Vulnerabilities

| # | Vulnerability | Base | Temp | 0day | Today | Exploit | Remediation | EPSS | CTI | CVE |
|---|---|---|---|---|---|---|---|---|---|---|
| 1 | openSUSE welcome Local Privilege Escalation | 4.5 | 4.3 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00055 | 0.02 | CVE-2023-32184 |
| 2 | SourceCodester Medical Certificate Generator App action.php SQL Injection | 8.1 | 7.9 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00116 | 0.04 | CVE-2023-0774 |
| 3 | Microsoft Exchange Server Remote Code Execution | 7.6 | 7.1 | $25k-$100k | $0-$5k | Functional | Official Fix | 0.23441 | 0.00 | CVE-2021-31206 |
| 4 | nginx Privilege Escalation | 6.9 | 6.9 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00241 | 2.31 | CVE-2020-12440 |
| 5 | JetBrains TeamCity Weak Authentication | 8.5 | 8.2 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.97071 | 0.04 | CVE-2023-42793 |
| 6 | Nagios XI POST Request banner_message-ajaxhelper.php SQL Injection | 6.0 | 6.0 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00085 | 0.04 | CVE-2023-40931 |
| 7 | Openupload Stable compress-inc.php Privilege Escalation | 7.5 | 7.4 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00097 | 0.00 | CVE-2023-36319 |
| 8 | Dolibarr ERP CRM Privilege Escalation | 7.5 | 7.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00097 | 0.03 | CVE-2023-38887 |
| 9 | NVIDIA DGX H100 BMC Host KVM Daemon Memory Corruption | 7.8 | 7.8 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00042 | 0.05 | CVE-2023-25527 |
| 10 | NVIDIA Cumulus Linux VxLAN-encapsulated IPv6 Packet Information Disclosure | 5.9 | 5.9 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00087 | 0.00 | CVE-2023-25525 |
| 11 | Mitsubishi Electric GX Works3 Incomplete Fix CVE-2020-14496 Privilege Escalation | 8.5 | 8.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00042 | 0.00 | CVE-2023-4088 |
| 12 | NVIDIA DGX H100 BMC Web Server Plugin Memory Corruption | 9.1 | 9.1 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00119 | 0.00 | CVE-2023-25528 |
| 13 | Dolibarr ERP CRM Command Privilege Escalation | 6.7 | 6.7 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00160 | 0.02 | CVE-2023-38886 |
| 14 | Dolibarr ERP CRM REST API Module testSqlAndScriptject Cross Site Scripting | 6.5 | 6.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00178 | 0.02 | CVE-2023-38888 |
| 15 | IOBit Malware Fighter ImfHpRegFilter.sys Denial of Service | 4.4 | 4.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00042 | 0.00 | CVE-2020-24089 |
| 16 | ISL ARP Guard Cross Site Scripting | 4.4 | 4.4 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00044 | 0.02 | CVE-2023-39575 |
| 17 | Nagios XI Custom Logo Cross Site Scripting | 4.4 | 4.4 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00053 | 0.05 | CVE-2023-40932 |
| 18 | graphql Query Parser OverlappingFieldsCanBeMergedRule Denial of Service | 4.5 | 4.4 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00053 | 0.02 | CVE-2023-26144 |
| 19 | Linux Kernel BPF verifier.c backtrack_insn Remote Code Execution | 9.5 | 9.4 | $25k-$100k | $5k-$25k | Not Defined | Official Fix | 0.00043 | 0.00 | CVE-2023-2163 |
| 20 | Croc Custom Shared Secret Privilege Escalation | 5.4 | 5.4 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00052 | 0.03 | CVE-2023-43617 |

Campaigns (2)

These are the campaigns that can be associated with the actor:

IOC - Indicator of Compromise (4)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

| ID | IP Address | Hostname | Actor | Campaigns | Identified | Type | Confidence |
|---|---|---|---|---|---|---|---|
| 1 | 2.59.42.63 | vds-cw08597.timeweb.ru | Amadey Bot | Azorult | 04/03/2022 | verified | High |

TTP - Tactics, Techniques, Procedures (15)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

| ID | Technique | Vulnerabilities | Access Vector | Type | Confidence |
|---|---|---|---|---|---|
| 1 | T1006 | CWE-22 | Path Traversal | predictive | High |
| 2 | T1040 | CWE-319 | Authentication Bypass by Capture-replay | predictive | High |
| 3 | T1055 | CWE-74 | Improper Neutralization of Data within XPath Expressions | predictive | High |

IOA - Indicator of Attack (101)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

| ID | Class | Indicator | Type | Confidence |
|---|---|---|---|---|
| 1 | File | .ssh/authorized_keys | predictive | High |
| 2 | File | /admin/api/theme-edit/ | predictive | High |
| 3 | File | /face-recognition-php/facepay-master/camera.php | predictive | High |
| 4 | File | /forum/PostPrivateMessage | predictive | High |
| 5 | File | /home/masterConsole | predictive | High |
| 6 | File | /hrm/employeeadd.php | predictive | High |
| 7 | File | /hrm/employeeview.php | predictive | High |
| 8 | File | /m4pdf/pdf.php | predictive | High |
| 9 | File | /nagiosxi/admin/banner_message-ajaxhelper.php | predictive | High |
| 10 | File | action.php | predictive | Medium |
| 11 | File | admin.php&r=article/AdminContent/edit | predictive | High |
| 12 | File | admin.xml | predictive | Medium |

Sources (4)

The following list contains external sources which discuss the actor and the associated activities:
