Echobot Analyse

💳 Purchase Required

You need to purchase an additional CTI license to see detailed indicators.

IOB - Indicator of Behavior (57)

Sprache

en	56
zh	2

Land

us	42
ir	10
cn	4
ru	2

Akteure

Echobot	3
Baldr	2
Dridex	2
Stantinko	1
OnePercent	1

Interesse

Typ

Not Defined	6
Web Server	4
Content Management System	4
Firewall Software	4
Operating System	4

Hersteller

Not Defined	14
Microsoft	8
Cisco	6
LogicBoard	2
Pivotal	2

Produkt

Microsoft IIS	4
Cisco ASA	4
Microsoft Windows	4
OpenSSH	2
vsftpd	2

Schwachstellen

#	Schwachstelle	Base	Temp	0day	Heute	Aus	Mas	CTI	EPSS	CVE
1	DZCP deV!L`z Clanportal config.php erweiterte Rechte	7.3	6.6	$0-$5k	$0-$5k	Proof-of-Concept	Official Fix	0.54	0.00943	CVE-2010-0966
2	Apple Mac OS X bis 10.3.4 TCP/IP-Stapel out-of-sequence TCP-Verkehr unbekannte Schwachstelle	5.3	5.1	$0-$5k	$0-$5k	Not Defined	Official Fix	0.03	0.03667	CVE-2004-0171
3	Microsoft IIS IP/Domain Restriction erweiterte Rechte	6.5	5.7	$25k-$100k	$0-$5k	Unproven	Official Fix	0.09	0.00817	CVE-2014-4078
4	Thomas R. Pasawicz HyperBook Guestbook Password Database gbconfiguration.dat Hash Information Disclosure	5.3	5.2	$5k-$25k	$0-$5k	High	Workaround	0.02	0.02016	CVE-2007-1192
5	FUSE fusermount erweiterte Rechte	6.5	6.7	$0-$5k	$0-$5k	Proof-of-Concept	Official Fix	0.03	0.00134	CVE-2018-10906
6	Asus GT-AX11000 CAPTCHA Information Disclosure	3.7	3.6	$0-$5k	$0-$5k	Not Defined	Official Fix	0.07	0.01157	CVE-2021-41435
7	Oracle GlassFish Server Java Server Faces Directory Traversal	5.3	5.1	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.04	0.64598	CVE-2013-3827
8	Microsoft Windows win32k.sys erweiterte Rechte	6.3	6.0	$25k-$100k	Wird berechnet	Proof-of-Concept	Official Fix	0.00	0.00042	CVE-2013-1340
9	PHPSHE pay.php SQL Injection	8.5	8.5	$0-$5k	$0-$5k	Not Defined	Not Defined	0.02	0.00210	CVE-2019-9762
10	Microsoft IIS Cross Site Scripting	5.2	4.7	$5k-$25k	$0-$5k	Proof-of-Concept	Official Fix	0.03	0.00548	CVE-2017-0055
11	IPTV Smarters Web TV Player Upload erweiterte Rechte	8.5	8.5	$0-$5k	$0-$5k	Not Defined	Not Defined	0.07	0.00530	CVE-2020-9380
12	Microsoft Windows Background Intelligent Transfer Service Information Disclosure	3.3	3.3	$25k-$100k	$0-$5k	Not Defined	Workaround	0.00	0.00000
13	NetworkManager AdHoc Mode schwache Authentisierung	4.4	4.3	$0-$5k	Wird berechnet	Not Defined	Official Fix	0.00	0.00052	CVE-2012-2736
14	jforum User erweiterte Rechte	5.3	5.3	$0-$5k	$0-$5k	Not Defined	Not Defined	0.05	0.00289	CVE-2019-7550
15	Citrix NetScaler ADC/NetScaler Gateway Information Disclosure	7.4	7.2	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.00	0.00188	CVE-2018-6808
16	Citrix NetScaler ADC/NetScaler Gateway SSH Login Prompt erweiterte Rechte	7.4	7.2	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.03	0.00115	CVE-2018-5314
17	Cisco ASA WebVPN Login Page Denial of Service	4.3	4.1	$5k-$25k	$0-$5k	High	Official Fix	0.02	0.01075	CVE-2014-2124
18	Cisco ASA WebVPN Login Page logon.html Cross Site Scripting	4.3	3.9	$5k-$25k	$0-$5k	Proof-of-Concept	Official Fix	0.02	0.00192	CVE-2014-2120
19	WordPress wp-trackback.php SQL Injection	7.3	6.9	$5k-$25k	$0-$5k	Proof-of-Concept	Not Defined	0.03	0.04651	CVE-2007-0233
20	PHP PHP-FPM Denial of Service	5.9	5.8	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.03	0.00584	CVE-2015-9253

IOC - Indicator of Compromise (4)

These indicators of compromise highlight associated network ressources which are known to be part of research and attack activities.

ID	IP-Adresse	Akteur	Identifiziert	Typ	Akzeptanz
1	45.89.106.108	Echobot	20.10.2023	verifiziert	High
2	XX.XX.XX.XXX	Xxxxxxx	20.10.2023	verifiziert	High
3	XX.XX.XX.XXX	Xxxxxxx	20.10.2023	verifiziert	High
4	XXX.XXX.XXX.XXX	Xxxxxxx	20.10.2023	verifiziert	High

TTP - Tactics, Techniques, Procedures (11)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

ID	Technique	Schwachstellen	Zugriffsart	Typ	Akzeptanz
1	T1006	CWE-22	Path Traversal	prädiktiv	High
2	T1059	CWE-94	Argument Injection	prädiktiv	High
3	T1059.007	CWE-79, CWE-80	Cross Site Scripting	prädiktiv	High
4	TXXXX	CWE-XXX, CWE-XXX	Xxxxxxxxx Xxxx Xxxxxxxxxxx Xxxxxxxxxx	prädiktiv	High
5	TXXXX.XXX	CWE-XXX	Xxxx-xxxxx Xxxxxxxxxxx	prädiktiv	High
6	TXXXX	CWE-XX, CWE-XX	Xxxxxxx Xxxxx Xx Xxxxxxxxxx Xxxxxxxxxx Xxxxxxxxx	prädiktiv	High
7	TXXXX.XXX	CWE-XXX	Xxxx Xxxxxxxx	prädiktiv	High
8	TXXXX	CWE-XXX	7xx Xxxxxxxx Xxxxxxxx	prädiktiv	High
9	TXXXX	CWE-XX	Xxx Xxxxxxxxx	prädiktiv	High
10	TXXXX	CWE-XXX	Xxxxxxxxxx Xx Xxxxxxx Xxxxx Xxxxxxx Xxxxxxxxx Xxxxxxxxxxx	prädiktiv	High
11	TXXXX.XXX	CWE-XXX	Xxxxxxxxxx Xxxxxxxxxxxxxx Xx Xxxxxxxx Xxxx Xxxxxxxxx	prädiktiv	High

IOA - Indicator of Attack (26)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID	Klasse	Indicator	Typ	Akzeptanz
1	File	/+CSCOE+/logon.html	prädiktiv	High
2	File	/download	prädiktiv	Medium
3	File	/forum/away.php	prädiktiv	High
4	File	/uncpath/	prädiktiv	Medium
5	File	xxxxxxxxxxx.xxx	prädiktiv	High
6	File	xxxx/xxxxxxxxxxxxxxx.xxx	prädiktiv	High
7	File	xxxxxxxxxxxxx.xxx	prädiktiv	High
8	File	xxx/xxxxxx.xxx	prädiktiv	High
9	File	xxxxxxx/xxxxxx/xxxxxxx/xxxxxx/xxx.xxx	prädiktiv	High
10	File	xxxxxxxx/xxxxx/xxxxxxxx?xxxxxxxx	prädiktiv	High
11	File	xxxxx.xxx	prädiktiv	Medium
12	File	xxxxxx.xxx	prädiktiv	Medium
13	File	xx-xxxxx/xxxxx-xxxx.xxx	prädiktiv	High
14	File	xx-xxxxxxxxx.xxx	prädiktiv	High
15	Argument	xxxxxxxx	prädiktiv	Medium
16	Argument	xxxxx	prädiktiv	Low
17	Argument	xxxxxxxx	prädiktiv	Medium
18	Argument	xx	prädiktiv	Low
19	Argument	xxxx	prädiktiv	Low
20	Argument	xxxxxxxx	prädiktiv	Medium
21	Argument	xxxx_xxxx	prädiktiv	Medium
22	Argument	xxxxxx_xxxx	prädiktiv	Medium
23	Argument	xx_xx	prädiktiv	Low
24	Argument	xxxxxxxx	prädiktiv	Medium
25	Argument	xxxxxxxx/xxxx	prädiktiv	High
26	Network Port	xxx/xxx (xxx)	prädiktiv	High

Referenzen (2)

The following list contains external sources which discuss the actor and the associated activities:

◂ ZurückÜbersichtWeiter ▸

Might our Artificial Intelligence support you?

Check our Alexa App!