Echobot Analysis

IOB - Indicator of Behavior (57)

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Lang

en (58)

Country

us (44)
ir (12)
cn (2)

Actors


Activities

Interest

Timeline


Type


Vendor


Product

Thomas R. Pasawicz HyperBook Guestbook (2)
cPanel (2)
Master Slider Plugin (2)
OpenSSH (2)
Cisco ASA (2)

Vulnerabilities

# | Vulnerability | Base | Temp | 0day | Today | Exp | Rem | EPSS | CTI | CVE
1 | DZCP deV!L`z Clanportal config.php code injection | 7.3 | 6.6 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.00943 | 1.13 | CVE-2010-0966
2 | Apple Mac OS X TCP/IP Stack denial of service | 5.3 | 5.1 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.03667 | 0.03 | CVE-2004-0171
3 | Microsoft IIS IP/Domain Restriction access control | 6.5 | 5.7 | $25k-$100k | $0-$5k | Unproven | Official Fix | 0.00817 | 0.06 | CVE-2014-4078
4 | Thomas R. Pasawicz HyperBook Guestbook Password Database gbconfiguration.dat Hash information disclosure | 5.3 | 5.2 | $5k-$25k | Calculating | High | Workaround | 0.02016 | 0.02 | CVE-2007-1192
5 | FUSE fusermount access control | 6.5 | 6.7 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.00134 | 0.03 | CVE-2018-10906
6 | Asus GT-AX11000 CAPTCHA excessive authentication | 3.7 | 3.6 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.01157 | 0.07 | CVE-2021-41435
7 | Oracle GlassFish Server Java Server Faces path traversal | 5.3 | 5.1 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.64598 | 0.04 | CVE-2013-3827
8 | Microsoft Windows win32k.sys access control | 6.3 | 6.0 | $25k-$100k | $0-$5k | Proof-of-Concept | Official Fix | 0.00042 | 0.00 | CVE-2013-1340
9 | PHPSHE pay.php sql injection | 8.5 | 8.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00210 | 0.03 | CVE-2019-9762
10 | Microsoft IIS cross site scripting | 5.2 | 4.7 | $5k-$25k | $0-$5k | Proof-of-Concept | Official Fix | 0.00548 | 0.16 | CVE-2017-0055
11 | IPTV Smarters Web TV Player Upload unrestricted upload | 8.5 | 8.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00530 | 0.08 | CVE-2020-9380
12 | Microsoft Windows Background Intelligent Transfer Service information disclosure | 3.3 | 3.3 | $25k-$100k | $0-$5k | Not Defined | Workaround | 0.00000 | 0.00 | 
13 | NetworkManager AdHoc Mode missing authentication | 4.4 | 4.3 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00052 | 0.04 | CVE-2012-2736
14 | jforum User input validation | 5.3 | 5.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00289 | 0.04 | CVE-2019-7550
15 | Citrix NetScaler ADC/NetScaler Gateway information disclosure | 7.4 | 7.2 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00188 | 0.00 | CVE-2018-6808
16 | Citrix NetScaler ADC/NetScaler Gateway SSH Login Prompt command injection | 7.4 | 7.2 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00115 | 0.03 | CVE-2018-5314
17 | Cisco ASA WebVPN Login Page resource management | 4.3 | 4.1 | $5k-$25k | $0-$5k | High | Official Fix | 0.01075 | 0.00 | CVE-2014-2124
18 | Cisco ASA WebVPN Login Page logon.html cross site scripting | 4.3 | 3.9 | $5k-$25k | $0-$5k | Proof-of-Concept | Official Fix | 0.00192 | 0.05 | CVE-2014-2120
19 | WordPress wp-trackback.php sql injection | 7.3 | 6.9 | $5k-$25k | $0-$5k | Proof-of-Concept | Not Defined | 0.04651 | 0.06 | CVE-2007-0233
20 | PHP PHP-FPM resource consumption | 5.9 | 5.8 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00584 | 0.03 | CVE-2015-9253

IOC - Indicator of Compromise (4)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

ID | IP address | Hostname | Actor | Campaigns | Identified | Type | Confidence
1 | 45.89.106.108 |  | Echobot |  | 10/20/2023 | verified | High
2 | XX.XX.XX.XXX |  | Xxxxxxx |  | 10/20/2023 | verified | High
3 | XX.XX.XX.XXX |  | Xxxxxxx |  | 10/20/2023 | verified | High
4 | XXX.XXX.XXX.XXX |  | Xxxxxxx |  | 10/20/2023 | verified | High

TTP - Tactics, Techniques, Procedures (11)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IOA - Indicator of Attack (26)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID | Class | Indicator | Type | Confidence
1 | File | /+CSCOE+/logon.html | predictive | High
2 | File | /download | predictive | Medium
3 | File | /forum/away.php | predictive | High
4 | File | /uncpath/ | predictive | Medium
5 | File | xxxxxxxxxxx.xxx | predictive | High
6 | File | xxxx/xxxxxxxxxxxxxxx.xxx | predictive | High
7 | File | xxxxxxxxxxxxx.xxx | predictive | High
8 | File | xxx/xxxxxx.xxx | predictive | High
9 | File | xxxxxxx/xxxxxx/xxxxxxx/xxxxxx/xxx.xxx | predictive | High
10 | File | xxxxxxxx/xxxxx/xxxxxxxx?xxxxxxxx | predictive | High
11 | File | xxxxx.xxx | predictive | Medium
12 | File | xxxxxx.xxx | predictive | Medium
13 | File | xx-xxxxx/xxxxx-xxxx.xxx | predictive | High
14 | File | xx-xxxxxxxxx.xxx | predictive | High
15 | Argument | xxxxxxxx | predictive | Medium
16 | Argument | xxxxx | predictive | Low
17 | Argument | xxxxxxxx | predictive | Medium
18 | Argument | xx | predictive | Low
19 | Argument | xxxx | predictive | Low
20 | Argument | xxxxxxxx | predictive | Medium
21 | Argument | xxxx_xxxx | predictive | Medium
22 | Argument | xxxxxx_xxxx | predictive | Medium
23 | Argument | xx_xx | predictive | Low
24 | Argument | xxxxxxxx | predictive | Medium
25 | Argument | xxxxxxxx/xxxx | predictive | High
26 | Network Port | xxx/xxx (xxx) | predictive | High

References (2)

The following list contains external sources which discuss the actor and the associated activities:
