
Rewterz Threat Alert – Echobot Botnet Acquiring Unauthorized System Access

June 26, 2019

Severity

Medium

Analysis Summary

Echobot, a new Mirai-based botnet, uses 26 different exploits as infection vectors, leveraging vulnerabilities in Oracle, D-Link, Dell, LINKSYS, REALTEK and VMware products to take control of the affected systems. Most of the exploits used in this campaign target command execution vulnerabilities affecting various network devices.

  • Echobot exploits command execution vulnerabilities.
  • The new variant uses 26 different exploits as infection vectors to spread the botnet.
  • It targets legacy hardware and software released between 2009 and 2019.
  • Echobot’s loader system is a virtual server hosted in Bulgaria on Neterra’s cloud network.
  • Its attack code is derived from the Mirai botnet.

Impact

Unauthorized System Access

Indicators of Compromise

Malware Hash (MD5/SHA1/SHA256)

  • 13d3b4545b18f41cf89ad9d278434b3fb60a702edebdde605ced745db47ce58d
  • 25e959a071e631088816ed87991482b8776a81377f0fa7a8f53eca9a7af3afe1
  • 2ad284d6297420e9cdb3a2bd9f0824c3122c861f37b58ea17675e0f5799f029e
  • 22e33a16b03c2ca6b1e98b9c6fe1f1cc18d84eef4bb79247642ccf37960aaad8
  • 36b1391b84f48a0f3b20b3831250b681dfa4a5aeb7a26816da723a06991d5029
  • 73fe0ed1e85d547d19acd720b1d67fb94059a007a35f685b3bd16627879d4c47
  • 7d9af41abec8cc93a9185dfdb256b864fa5c9e67e16192f718d7faa0e18177e8
  • 95c7516abf8c738423cd18f0c905baa65d38ba5259b6853777550505019ba8cd
  • b73add38713b70ca529c8387275fca0bbf5f5488f2be5ebc17c4f1f34b06bd26
  • ed4d920cd54b87167d0ad2256bf996c8fdac3ac3bd5dd5ccb0b6c2d551226184
  • f02e2443c250e78877f9b184ab94693f4e8dba8c2191c9d03857664e71987976
  • f9ee7e0a4deac908e6fbacf7baa4f1d3bb138ebe2a3f9236a61f5d764181df0a
  • 228ca519054dd62aadfa360fcf8f74e3072a4f6ffde521e47db233a604320a16
  • 2f21e8ed1dce77c2cd0080c529043cff1c1ff5f22ba39dcd1a2220e17f273ba5
  • 68e62724530401400724a75dd2fe07dc0db6a8373be7861d65896b33039c632f
  • 9eebd384fa6d4d45648a74dfe0aad8fe2b9bc9b907e6f3b474ca77e83bbf63bb
  • dbf70f849e09441af668245f3ba7491be227447c36e7244bbbf2787e503599a7
  • 2dd89d8214c76b3ce7b6a301ad8256fba5ac9f3e4c0b3e10e14c6075764f0e4d
  • 5091da1a1fa51f77ac64f75ab9c23da88469160f040a189ec1e6a0e952a26720
  • 563afb05bb5a68c8b235143dde081c44e06ed2674681629c60116ce1b92a7cee
  • 6cdce7758468685f8c125bff2c3c1f196fe43f30e10c7fb643a67b7d5e2ae2f2
  • 83841e5f965cb7e03bf5f0c5da217a22b307ddd138a3b8b8ec5dc8f111f26165
  • 8ba26e98710f3e55677a7eaea19a656e3ef7136e94f81ecb5b05cfdc96586d65
  • 9476bfe1eb99b00c02a3a6c539d1a060b87e4c53617fa5b2949cdd44c1cbc92b
  • b4443e1bbd27062c8eb2bfd791483a777ac003ce8d47a9ce43f2861f0ad70f94
  • c2440a1e19ae8f527061a666fa59eb457f3c1c8f6d5b981f9c1f5bf8a4c62f61
  • f64cad4ce4af8debf1951d4deca0dd86acd3a83409140cb0544ea27d155e04ab
  • 046a077bd3ded83b9066350862d204afb04dfe04b71827de8f60929e2f7d4e44
  • 0639e8111253133a617cd0f119c1ef70560de0f044add084c0200a1a4fd6952e
  • 098c7f9c8c8c63d8d79387274f0fe5416702abcb650b983426e116f193b82e61
  • 121e6d208522e1abccacd51f82f03a9178680c222eff5336b84b6f86a770a453
  • 7ffb658d09c5c55c04ac1cef4e1e3c428c0363130381e0aef8c769ea11c64370
  • 87195d5262c205b3356cfe815d60d41a11a8f563b4cd4abd75da73128e02f86c
  • 9dc3e2fc27e138a588e6a25dc5432d78f0930046286fc64b9c65246beda19a45
  • b3e5726e56f604656a322fc6c62585e73f594d053d6891c3fa94c3fff41f30cb
  • b4a370ff3d59d43924ace6c8ef34df55b6e45b4dcff2f0f2db36bbb40e6c203e
  • 22ff3cc031c9ae43757030a1cb1a8fc09171f370469b79770faaca3eb5dbbfef
  • 385d26249622f65692423312846feed6eba96cea5d6e0bfbfa755307985cb8cd
  • 621e17811228b8ea559a2f6905235fcbcc59e7c06b9c380962aca3fcac15600c
  • 729d3b3363bd69b2cc60b9600ea91223361021f75b6f7484a49ead95a325b60c
  • 970783c2e358b1238f8e571989caf696f6af585dccad64dd21bf1703835b80d1
  • be7f56a58a908125ce2066fb0691d9f9eef868509a5d53f08e8362f21542b76c
  • cb8b4d3d24607731cdffa7015eb6299373870c53a854b4a23657f8ede53113c6
  • e8df1d766fc3763ffa79663920f47f158ec55605fdbf8bf5a55fcdcfe61be78d
  • e94482b0382aa7907c41c329772085c288e55dd4b8ffd28277131d9ca9b2e9d2
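As an added example, not part of the Rewterz advisory: a small Python sweep that defenders can use to check a host against the hash list above. Every entry in the list is 64 hexadecimal characters, i.e. a SHA-256 digest, so the script only needs that one algorithm. The excerpt embedded in the block is the first five advisory hashes copied verbatim; the full list can be pasted into a text file and fed to parse_ioc_text(). The demo() round trip uses constructed files and a constructed digest, not real malware.

```python
import hashlib
import os
import re
import tempfile
from pathlib import Path

# First five entries of the advisory's IoC list, copied verbatim including the
# bullet characters, to show that parse_ioc_text() copes with pasted text as-is.
ADVISORY_EXCERPT = """
  • 13d3b4545b18f41cf89ad9d278434b3fb60a702edebdde605ced745db47ce58d
  • 25e959a071e631088816ed87991482b8776a81377f0fa7a8f53eca9a7af3afe1
  • 2ad284d6297420e9cdb3a2bd9f0824c3122c861f37b58ea17675e0f5799f029e
  • 22e33a16b03c2ca6b1e98b9c6fe1f1cc18d84eef4bb79247642ccf37960aaad8
  • 36b1391b84f48a0f3b20b3831250b681dfa4a5aeb7a26816da723a06991d5029
"""

HEX64 = re.compile(r"\b[0-9a-fA-F]{64}\b")


def parse_ioc_text(text: str) -> frozenset:
    """Pull every 64-hex-character token (SHA-256 length) out of pasted advisory
    text, ignoring bullets and whitespace, and normalise it to lowercase."""
    return frozenset(m.group(0).lower() for m in HEX64.finditer(text))


ECHOBOT_SHA256_SAMPLE = parse_ioc_text(ADVISORY_EXCERPT)


def validate_iocs(iocs) -> list:
    """Return entries that are not well-formed SHA-256 hex digests, so a stray
    MD5 or truncated hash in a pasted list is noticed before the scan runs."""
    return [h for h in iocs if not re.fullmatch(r"[0-9a-f]{64}", h)]


def sha256_file(path, chunk_size: int = 1 << 20) -> str:
    """Stream a file through SHA-256 so large binaries need not fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk_size), b""):
            h.update(block)
    return h.hexdigest()


def scan_dir(root, iocs) -> list:
    """Walk root recursively, hash every regular file and return sorted
    (path, sha256) pairs whose digest is in iocs. Symlinks and unreadable
    files are skipped rather than aborting the sweep."""
    matches = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            p = Path(dirpath) / name
            if p.is_symlink() or not p.is_file():
                continue
            try:
                digest = sha256_file(p)
            except OSError:
                continue
            if digest in iocs:
                matches.append((str(p), digest))
    return sorted(matches)


def demo() -> tuple:
    """Constructed round trip: a benign file and a 'planted' file whose digest
    is added to a constructed IoC set. Returns (benign_matches, planted_matches)
    with planted paths made relative to the temporary directory."""
    with tempfile.TemporaryDirectory() as tmp:
        benign = Path(tmp) / "notes.txt"
        benign.write_bytes(b"constructed benign content")
        planted = Path(tmp) / "sub" / "sample.bin"
        planted.parent.mkdir()
        planted.write_bytes(b"constructed sample payload (not real malware)")
        planted_digest = hashlib.sha256(planted.read_bytes()).hexdigest()
        # The advisory hashes alone should match nothing in this directory.
        benign_matches = scan_dir(tmp, ECHOBOT_SHA256_SAMPLE)
        # Adding the planted digest to the IoC set demonstrates a hit.
        planted_matches = scan_dir(tmp, ECHOBOT_SHA256_SAMPLE | {planted_digest})
        return benign_matches, [(os.path.relpath(p, tmp), d) for p, d in planted_matches]


if __name__ == "__main__":
    import sys
    root = sys.argv[1] if len(sys.argv) > 1 else "."
    for path, digest in scan_dir(root, ECHOBOT_SHA256_SAMPLE):
        print(f"MATCH {digest} {path}")
```

Run it as `python echobot_sweep.py /path/to/scan` (the filename is assumed). A hash sweep only catches samples already on the list, so treat a clean result as "no known sample found", not as proof the device is uncompromised; combine it with the patching advised below.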

Remediation

Members who find that they have hardware or software vulnerable to Echobot should apply the available patches.
