EnemyBot Analyse

💳 Purchase Required

You need to purchase an additional CTI license to see detailed indicators.

IOB - Indicator of Behavior (8)

Sprache

en	4
zh	2
ru	2

Land

us	4
ru	2

Akteure

Mirai	1
Amadey	1
Shellbot	1
EnemyBot	1
Cobalt Strike	1

Interesse

Typ

Content Management System	4
Unified Communication Software	4

Hersteller

Cisco	4
EPiServer	2
Magnolia	2

Produkt

EPiServer Ektron CMS	2
Cisco Unified MeetingPlace for Microsoft Outlook	2
Cisco Unified Communications Manager	2
Magnolia CMS	2

Schwachstellen

#	Schwachstelle	Base	Temp	0day	Heute	Aus	Mas	CTI	EPSS	CVE
1	Fortinet FortiOS Endpoint Monitor Persistent Cross Site Scripting	3.5	3.2	$0-$5k	$0-$5k	Proof-of-Concept	Not Defined	0.02	0.00000
2	Cisco Unified Communications Manager Mobile/Remote Access Services erweiterte Rechte	5.4	5.4	$5k-$25k	$0-$5k	Not Defined	Not Defined	0.02	0.00095	CVE-2015-6410
3	Magnolia CMS Edit Contact Cross Site Scripting	4.8	4.8	$0-$5k	$0-$5k	Not Defined	Not Defined	0.02	0.00069	CVE-2022-33098
4	EPiServer Ektron CMS MenuActions.aspx Cross Site Request Forgery	4.3	4.1	$0-$5k	$0-$5k	Proof-of-Concept	Official Fix	0.04	0.00861	CVE-2015-3624
5	Cisco Unified MeetingPlace for Microsoft Outlook Cross Site Scripting	4.3	4.3	$5k-$25k	$0-$5k	Not Defined	Not Defined	0.00	0.00106	CVE-2015-0762
6	WordPress Remote Code Execution	9.8	9.4	$25k-$100k	$0-$5k	Not Defined	Official Fix	0.00	0.00308	CVE-2011-3125
7	WordPress Access Restriction erweiterte Rechte	4.6	4.4	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.00	0.00109	CVE-2010-5296

Kampagnen (1)

These are the campaigns that can be associated with the actor:

Enemybot

IOC - Indicator of Compromise (2)

These indicators of compromise highlight associated network ressources which are known to be part of research and attack activities.

ID	IP-Adresse	Hostname	Akteur	Kampagnen	Identifiziert	Typ	Akzeptanz
1	80.94.92.38		EnemyBot		01.06.2022	verifiziert	High
2	XXX.XX.XXX.XXX	xxx-xx-xxx-xxx-xxxx.xxxxxxxxxxxx.xxx	Xxxxxx	Xxxxxxxx	13.04.2022	verifiziert	High

TTP - Tactics, Techniques, Procedures (2)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

ID	Technique	Schwachstellen	Zugriffsart	Typ	Akzeptanz
1	T1059.007	CWE-79, CWE-80	Cross Site Scripting	prädiktiv	High
2	TXXXX	CWE-XXX	Xxxxxxxxx Xxxx Xxxxxxxxxxx Xxxxxxxxxx	prädiktiv	High

IOA - Indicator of Attack (1)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID	Klasse	Indicator	Typ	Akzeptanz
1	File	Test/WorkArea/DmsMenu/menuActions/MenuActions.aspx	prädiktiv	High

Referenzen (4)

The following list contains external sources which discuss the actor and the associated activities:

◂ ZurückÜbersichtWeiter ▸

Do you know our Splunk app?

Download it now for free!