Amadey Bot Analysis

IOB - Indicator of Behavior (134)

Timeline

Language

en: 112
ru: 6
es: 4
fr: 4
pl: 2

Country

ru: 74
us: 14
it: 2
fr: 2

Actors

Activities

Effort

Timeline

Type

Vendor

Product

Croc: 8
D-Link DWL-6610: 6
Kostac PLC Programming Software: 4
Apache Airflow: 2
NVIDIA DGX H100 BMC: 2

Vulnerabilities

| # | Vulnerability | Base | Temp | 0day | Today | Exploit | Remediation | EPSS | CTI | CVE |
|---|---|---|---|---|---|---|---|---|---|---|
| 1 | openSUSE welcome Local Privilege Escalation | 4.5 | 4.3 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00055 | 0.02 | CVE-2023-32184 |
| 2 | SourceCodester Medical Certificate Generator App action.php sql injection | 8.1 | 7.9 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00116 | 0.09 | CVE-2023-0774 |
| 3 | Microsoft Exchange Server Remote Code Execution | 7.6 | 7.1 | $25k-$100k | $0-$5k | Functional | Official Fix | 0.23441 | 0.00 | CVE-2021-31206 |
| 4 | nginx privilege escalation | 6.9 | 6.9 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00241 | 5.38 | CVE-2020-12440 |
| 5 | JetBrains TeamCity weak authentication | 8.5 | 8.2 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.97071 | 0.04 | CVE-2023-42793 |
| 6 | Nagios XI POST Request banner_message-ajaxhelper.php sql injection | 6.0 | 6.0 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00085 | 0.06 | CVE-2023-40931 |
| 7 | Openupload Stable compress-inc.php privilege escalation | 7.5 | 7.4 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00097 | 0.00 | CVE-2023-36319 |
| 8 | Dolibarr ERP CRM privilege escalation | 7.5 | 7.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00097 | 0.03 | CVE-2023-38887 |
| 9 | NVIDIA DGX H100 BMC Host KVM Daemon memory corruption | 7.8 | 7.8 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00042 | 0.05 | CVE-2023-25527 |
| 10 | NVIDIA Cumulus Linux VxLAN-encapsulated IPv6 Packet information disclosure | 5.9 | 5.9 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00087 | 0.00 | CVE-2023-25525 |
| 11 | Mitsubishi Electric GX Works3 Incomplete Fix CVE-2020-14496 privilege escalation | 8.5 | 8.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00042 | 0.00 | CVE-2023-4088 |
| 12 | NVIDIA DGX H100 BMC Web Server Plugin memory corruption | 9.1 | 9.1 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00119 | 0.00 | CVE-2023-25528 |
| 13 | Dolibarr ERP CRM Command Privilege Escalation | 6.7 | 6.7 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00160 | 0.02 | CVE-2023-38886 |
| 14 | Dolibarr ERP CRM REST API Module testSqlAndScriptject cross site scripting | 6.5 | 6.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00178 | 0.02 | CVE-2023-38888 |
| 15 | IOBit Malware Fighter ImfHpRegFilter.sys denial of service | 4.4 | 4.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00042 | 0.00 | CVE-2020-24089 |
| 16 | ISL ARP Guard cross site scripting | 4.4 | 4.4 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00044 | 0.02 | CVE-2023-39575 |
| 17 | Nagios XI Custom Logo cross site scripting | 4.4 | 4.4 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00053 | 0.05 | CVE-2023-40932 |
| 18 | graphql Query Parser OverlappingFieldsCanBeMergedRule denial of service | 4.5 | 4.4 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00053 | 0.02 | CVE-2023-26144 |
| 19 | Linux Kernel BPF verifier.c backtrack_insn Remote Code Execution | 9.5 | 9.4 | $25k-$100k | $5k-$25k | Not Defined | Official Fix | 0.00043 | 0.00 | CVE-2023-2163 |
| 20 | Croc Custom Shared Secret Privilege Escalation | 5.4 | 5.4 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00052 | 0.03 | CVE-2023-43617 |

Campaigns (2)

These are the campaigns that can be associated with the actor:

IOC - Indicator of Compromise (4)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

TTP - Tactics, Techniques, Procedures (15)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

| ID | Technique | Weakness | Access Vector | Type | Confidence |
|---|---|---|---|---|---|
| 1 | T1006 | CWE-22 | Path Traversal | predictive | High |
| 2 | T1040 | CWE-319 | Authentication Bypass by Capture-replay | predictive | High |
| 3 | T1055 | CWE-74 | Improper Neutralization of Data within XPath Expressions | predictive | High |

IOA - Indicator of Attack (101)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

| ID | Class | Indicator | Type | Confidence |
|---|---|---|---|---|
| 1 | File | .ssh/authorized_keys | predictive | High |
| 2 | File | /admin/api/theme-edit/ | predictive | High |
| 3 | File | /face-recognition-php/facepay-master/camera.php | predictive | High |
| 4 | File | /forum/PostPrivateMessage | predictive | High |
| 5 | File | /home/masterConsole | predictive | High |
| 6 | File | /hrm/employeeadd.php | predictive | High |
| 7 | File | /hrm/employeeview.php | predictive | High |
| 8 | File | /m4pdf/pdf.php | predictive | High |
| 9 | File | /nagiosxi/admin/banner_message-ajaxhelper.php | predictive | High |
| 10 | File | action.php | predictive | Medium |
| 11 | File | admin.php&r=article/AdminContent/edit | predictive | High |
| 12 | File | admin.xml | predictive | Medium |
14Filexxxx/xx_*.xxxpredictiveWysoki
15Filexxx.xxxpredictiveNiski
16Filexxxxxxxxxxx/xxxxxxxxxxx/xxxxxxxxx.xxxpredictiveWysoki
17Filexxxxxx/xxxxx/xxxxx.xxxpredictiveWysoki
18Filexxxxxxxx-xxx.xxxpredictiveWysoki
19Filexxxx/xxxxxxxxxx/xxxxxxxxxxxxxxxxxxxxxxxx/xxxxxxxx/xxx/xxxxxx.xxxxxxxxx.xxxpredictiveWysoki
20Filexxxxxx.xxxxpredictiveMedium
21Filexxxxx_xxxx.xpredictiveMedium
22Filexxxx_xxxxxx.xxxpredictiveWysoki
23Filexxxx_xxxxxxxxx.xxxxxpredictiveWysoki
24Filexx/xxxxx.xxxpredictiveMedium
25Filexxx/xxxxx.xxxxxxxxxxx.xxxpredictiveWysoki
26Filexxx/xxxxxx.xxxpredictiveWysoki
27Filexxxxx.xxxpredictiveMedium
28Filexxxxx.xxx?xxxx=xxxxxpredictiveWysoki
29Filexxxx_xxxx.xxxpredictiveWysoki
30Filexxxxxx.xxxxxxxxxx.xxpredictiveWysoki
31Filexxxxxx/xxx/xxxxxxxx.xpredictiveWysoki
32Filexxx/xxxxxxx/xxxxxx.xxpredictiveWysoki
33Filexxx/xxxxxx.xxpredictiveWysoki
34Filexxxxx.xxxpredictiveMedium
35Filexxxxx.xxxpredictiveMedium
36Filexxxx/xxx/xxxx/xxxx/xxx/xxxxxxx/xxxxxx/xxxxxxxxxxxxxxxxxxxx/xxxx/xxxxxxxxxx/xxxxxxxxxxxxxxxxxxxxx.xxxxpredictiveWysoki
37Filexxxx/xxx/xxxx/xxxxxx/xxxxx/xxxxxxxx/xxxxxxxxxx/xxxxxxxxx.xxxpredictiveWysoki
38Filexxxxxxxxxx.xxpredictiveWysoki
39Filexxxx_xxxxxxxx.xxxpredictiveWysoki
40Filexxxxxxxx.xxxpredictiveMedium
41Filexxxxx_xxxxxx.xxxpredictiveWysoki
42Filexxxxx.xpredictiveNiski
43Filexxxxxxx_xxxxx.xxxpredictiveWysoki
44Filexxxxxxx/xxxxxxxxxx.xxpredictiveWysoki
45Filexxx_xxx.xxxpredictiveMedium
46Filexxxxxx-xxxxxxxx.xxxpredictiveWysoki
47Filexxxxxxxxx/xxxx/xxxxxxxx+xxxxxxxxx.xpredictiveWysoki
48Filexxxx_xxxxx.xxxxpredictiveWysoki
49Filexxx/xxxx/xxxx/xxxxxx/xxx/xxxxxxxxxxxxxxxx.xxxxpredictiveWysoki
50Filexxx/xxxx/xxxx/xxx/xxxxxx/xxxxxx/xxx/xxxxxxxxxxxxxxxxxx.xxxxpredictiveWysoki
51Filexxx/xxxxxxxxx.xpredictiveWysoki
52Filexxxxx_xxxxx.xxxpredictiveWysoki
53Filexxxxxx-xxxxxx.xxxpredictiveWysoki
54Filexxx/xxx.xxxxx.xxxpredictiveWysoki
55Filexxxxxxxx.xxxpredictiveMedium
56Filexxxx_xxxxxxxx.xxxpredictiveWysoki
57Filexxxxxxx.xxxx.xxxpredictiveWysoki
58Libraryxxxxxx[xxxxxx_xxxxpredictiveWysoki
59Libraryxxxxxxxxxxxxxx.xxxpredictiveWysoki
60Libraryxxxxxx.xxxpredictiveMedium
61Libraryxxxxx.xxxpredictiveMedium
62ArgumentxxxxxxpredictiveNiski
63ArgumentxxxxxpredictiveNiski
64ArgumentxxxxxxxxpredictiveMedium
65ArgumentxxxxxxxxxxxxpredictiveMedium
66ArgumentxxpredictiveNiski
67Argumentxxxx_xxpredictiveNiski
68ArgumentxxxxxxxpredictiveNiski
69ArgumentxxxxxxxxxxxxxpredictiveWysoki
70Argumentxxxxxx[xxxxxx_xxxx]predictiveWysoki
71ArgumentxxxxxxxpredictiveNiski
72ArgumentxxxxxpredictiveNiski
73ArgumentxxxxxxxxpredictiveMedium
74Argumentxxxx_xxpredictiveNiski
75Argumentxx_xxpredictiveNiski
76ArgumentxxpredictiveNiski
77ArgumentxxpredictiveNiski
78Argumentxx_xxxxxpredictiveMedium
79ArgumentxxxxxxxxpredictiveMedium
80Argumentxxxxx/xxxxxxpredictiveMedium
81ArgumentxxxxpredictiveNiski
82ArgumentxxxxpredictiveNiski
83ArgumentxxxxxpredictiveNiski
84Argumentxxx_xxxxpredictiveMedium
85ArgumentxxxxpredictiveNiski
86Argumentxxxx_xxxxxxxxxxpredictiveWysoki
87ArgumentxxxxxpredictiveNiski
88Argumentxxxx_xxxxpredictiveMedium
89ArgumentxxxxxxxxpredictiveMedium
90ArgumentxxxxpredictiveNiski
91ArgumentxxxxxxpredictiveNiski
92ArgumentxxxxxxxxxxxxxpredictiveWysoki
93Argumentxxxxxx_xxxxxxxxpredictiveWysoki
94Argumentxxxxxxx/xxxxxxxpredictiveWysoki
95Argumentxxxx/xxxxxx xxxxpredictiveWysoki
96Argumentxxxx_xxxpredictiveMedium
97ArgumentxxxpredictiveNiski
98Argumentxxx_xxxpredictiveNiski
99ArgumentxxxxxxpredictiveNiski
100ArgumentxxxxxxxxpredictiveMedium
101ArgumentxxxxxpredictiveNiski

References (4)

The following list contains external sources which discuss the actor and the associated activities:
