EvilBunny Analysis

💳 Purchase Required

You need to purchase an additional CTI license to see detailed indicators.

IOB - Indicator of Behavior (108)

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Lang

en82
zh8
fr6
es4
pl4

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Country

us74
gb10
cn6
ru6
fr4

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Actors

EvilBunny2
Qakbot1
Crimeware1
Nanocore1
Upatre1

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Activities

Interest

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Type

Not Defined28
Smartphone Operating System8
Content Management System8
Operating System8
Web Server8

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Vendor

Not Defined38
Apple6
IBM4
Google4
Microsoft4

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Product

FFmpeg4
Google Android4
Microsoft Windows4
Netgear DGN2200 N3004
Apple macOS4

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Vulnerabilities

#VulnerabilityBaseTemp0dayTodayExpRemEPSSCTICVE
1vBulletin moderation.php sql injection7.37.0$0-$5k$0-$5kHighOfficial Fix0.002840.01CVE-2016-6195
2IBM WebSphere Host On-Demand Remote Code Execution7.36.9$25k-$100k$5k-$25kProof-of-ConceptNot Defined0.019230.00CVE-2006-6537
3Apple iOS/iPadOS Assets resource transfer5.35.1$25k-$100k$0-$5kNot DefinedOfficial Fix0.000450.00CVE-2020-9979
4nuxt code injection8.48.3$0-$5k$0-$5kNot DefinedOfficial Fix0.000900.06CVE-2023-3224
5DZCP deV!L`z Clanportal config.php code injection7.36.6$0-$5k$0-$5kProof-of-ConceptOfficial Fix0.009430.47CVE-2010-0966
6wp-google-maps Plugin REST API class.rest-api.php input validation8.58.4$0-$5k$0-$5kNot DefinedOfficial Fix0.973230.04CVE-2019-10692
7GNU Tar Remote Code Execution9.89.8$0-$5k$0-$5kNot DefinedNot Defined0.006340.04CVE-2005-2541
8PHP PHAR phar_dir_read buffer overflow8.28.2$5k-$25k$0-$5kNot DefinedOfficial Fix0.001260.05CVE-2023-3824
9Siemens RUGGEDCOM ROX I Web Interface File information disclosure5.45.3$5k-$25k$0-$5kNot DefinedWorkaround0.001190.00CVE-2017-2686
10radsecproxy Peer Discovery DNS Record naptr-eduroam.sh injection5.65.4$0-$5k$0-$5kNot DefinedOfficial Fix0.004060.03CVE-2021-32642
11Wiki.js Storage Module pathname traversal5.55.3$0-$5k$0-$5kNot DefinedOfficial Fix0.001700.00CVE-2020-15236
12Jupyter Core jupyter_core unnecessary privileges7.57.4$0-$5k$0-$5kNot DefinedOfficial Fix0.002960.04CVE-2022-39286
13Grafana Dashboard access control6.46.3$0-$5k$0-$5kNot DefinedOfficial Fix0.000440.05CVE-2023-2801
14Dojo Toolkit DataGrid String Injection injection8.58.4$0-$5k$0-$5kNot DefinedOfficial Fix0.005240.02CVE-2018-15494
15Ovidentia CMS index.php sql injection4.34.1$0-$5k$0-$5kProof-of-ConceptNot Defined0.000890.07CVE-2021-29343
16SourceCodester Online Computer and Laptop Store index.php sql injection7.16.9$0-$5k$0-$5kProof-of-ConceptNot Defined0.001260.14CVE-2023-1953
17SourceCodester Online Computer and Laptop Store Subcategory sql injection7.16.9$0-$5k$0-$5kProof-of-ConceptNot Defined0.001260.09CVE-2023-1957
18FreeBSD Listening Socket accf_create use after free5.55.3$5k-$25k$0-$5kNot DefinedOfficial Fix0.000440.02CVE-2021-29627
19Microsoft Windows ICMP Remote Code Execution9.88.9$25k-$100k$5k-$25kUnprovenOfficial Fix0.028180.04CVE-2023-23415
20Oracle HTTP Server SSL Module out-of-bounds write9.89.6$100k and more$5k-$25kNot DefinedOfficial Fix0.150870.00CVE-2022-23943

IOC - Indicator of Compromise (20)

These indicators of compromise highlight associated network ressources which are known to be part of research and attack activities.

IDIP addressHostnameActorCampaignsIdentifiedTypeConfidence
11.9.32.11EvilBunny01/01/2021verifiedHigh
28.5.1.34EvilBunny01/01/2021verifiedHigh
364.15.136.137EvilBunny01/01/2021verifiedHigh
466.45.225.11EvilBunny01/01/2021verifiedHigh
5XX.XX.XX.XXXxxx.xxxxxxxxxxxxxxxxx.xxxXxxxxxxxx01/01/2021verifiedHigh
6XX.XX.XX.XXxx.xx.xxxx.xxxxxx.xxxxxxxxx.xxxXxxxxxxxx01/01/2021verifiedHigh
7XX.XXX.XXX.XXxx-xx-xxx-xxx-xx.xx.xxxxxxxxxxxx.xxxXxxxxxxxx01/01/2021verifiedHigh
8XX.XX.XXX.XXXXxxxxxxxx01/01/2021verifiedHigh
9XX.XX.XXX.XXXxx.xx.xxx.xxx.xxxxxxxxx.xxxXxxxxxxxx01/01/2021verifiedHigh
10XX.XX.XXX.XXxxxxx.xxxxxxxx.xxxXxxxxxxxx01/01/2021verifiedHigh
11XX.XX.XX.XXxxx.xxxxxxxxxxxxxxxxxx.xxxXxxxxxxxx01/01/2021verifiedHigh
12XX.X.XXX.XXXxxx.xxxxxxxxxxx.xxxXxxxxxxxx01/01/2021verifiedHigh
13XX.XX.XX.XXXxxxxxxxx.xxxXxxxxxxxx01/01/2021verifiedHigh
14XX.XX.XX.XXXxx.xx.xxxx.xxxxxx.xxxxxxxxx.xxxXxxxxxxxx01/01/2021verifiedHigh
15XX.XXX.XXX.XXXxxxxxxxx.xxx.xxxXxxxxxxxx01/01/2021verifiedHigh
16XX.XXX.XXX.XXXXxxxxxxxx01/01/2021verifiedHigh
17XXX.XXX.XXX.XXxx-xxx-xxx-xxx-xx.xx.xxxxxxxxxxxx.xxxXxxxxxxxx01/01/2021verifiedHigh
18XXX.XXX.XX.XXxxxxxxxxxx.xxxxxxx.xxx.xxxXxxxxxxxx01/01/2021verifiedHigh
19XXX.XX.XXX.XXXXxxxxxxxx01/01/2021verifiedHigh
20XXX.XX.XXX.XXXXxxxxxxxx01/01/2021verifiedHigh

TTP - Tactics, Techniques, Procedures (13)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IDTechniqueClassVulnerabilitiesAccess VectorTypeConfidence
1T1006CAPEC-126CWE-21, CWE-22Path TraversalpredictiveHigh
2T1055CAPEC-10CWE-74Improper Neutralization of Data within XPath ExpressionspredictiveHigh
3T1059CAPEC-242CWE-94Argument InjectionpredictiveHigh
4TXXXX.XXXCAPEC-209CWE-XX, CWE-XXXxxxx Xxxx XxxxxxxxxpredictiveHigh
5TXXXXCAPEC-104CWE-XXX, CWE-XXX, CWE-XXX, CWE-XXXXxxxxxxxx Xxxx Xxxxxxxxxxx XxxxxxxxxxpredictiveHigh
6TXXXXCAPEC-136CWE-XXXxxxxxx Xxxxx Xx Xxxxxxxxxx Xxxxxxxxxx XxxxxxxxxpredictiveHigh
7TXXXXCAPEC-1CWE-XXXXxxxxxxxxx XxxxxxpredictiveHigh
8TXXXXCAPEC-108CWE-XXXxx XxxxxxxxxpredictiveHigh
9TXXXXCAPEC-0CWE-XXXXxxxxxxxxxx XxxxxxxxxxpredictiveHigh
10TXXXXCAPEC-37CWE-XXXXxxxxxxxx Xxxxxxx Xx Xxxxxxxxx XxxxxxxxxxxpredictiveHigh
11TXXXX.XXXCAPEC-459CWE-XXXXxxxxxxx Xxxxxxxxxxx XxxxxxxxxxpredictiveHigh
12TXXXXCAPEC-116CWE-XXXXxxxxxxxxx Xx Xxxxxxx Xxxxx Xxxxxxx Xxxxxxxxx XxxxxxxxxxxpredictiveHigh
13TXXXXCAPEC-0CWE-XXXXxxxxxxxxxxxx XxxxxxpredictiveHigh

IOA - Indicator of Attack (59)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

IDClassIndicatorTypeConfidence
1File/admin/sales/index.phppredictiveHigh
2File/category.phppredictiveHigh
3File/classes/Master.php?f=save_sub_categorypredictiveHigh
4File/errorpredictiveLow
5File/etc/passwdpredictiveMedium
6File/getcfg.phppredictiveMedium
7Fileawredir.plpredictiveMedium
8Filexxx_xx_xxxxxx_xx.xxpredictiveHigh
9Filexxxxx/xxxx/xxxxxxxxpredictiveHigh
10Filexx_xxxxxxxpredictiveMedium
11Filexxxxxxxxxxx/xxxxxxxx/xxxxxxxxxx.xxxpredictiveHigh
12Filexx/xxxxx.xpredictiveMedium
13Filexxx/xxxxxx.xxxpredictiveHigh
14Filexxxxxxxx/xxxxx.xxxx-xxx.xxxpredictiveHigh
15Filexxxxx.xxxpredictiveMedium
16Filexxxxx.xxxpredictiveMedium
17Filexxxxxxx.xxxpredictiveMedium
18Filexxxxxxxxxx/xxx.xpredictiveHigh
19Filexxxxxxxxxx/xxxxxx.xpredictiveHigh
20Filexxxxxxxxx/xxxxxxx/xxxxxx/xxxxxxxxxx.xxxpredictiveHigh
21Filexxx/xxx_xxxx_xxx.xpredictiveHigh
22Filexxxxxxx/xxxxxxx/xxx_xxxxxxx.xpredictiveHigh
23Filexxxxx-xxxxxxx.xxpredictiveHigh
24Filexxx-xxxx.xxxpredictiveMedium
25Filexxxxx.xxxpredictiveMedium
26Filexxxxxxxxxxxx.xxxpredictiveHigh
27Filexxx_xxxxxxx.xxxpredictiveHigh
28Filexxxxxx_xxx.xxxpredictiveHigh
29Filexxxx/xxxxxxxxx.xpredictiveHigh
30Filexxxx/xxx/xxxx-xxxxx.xxxpredictiveHigh
31Filexxxx/xxxxxxxx.xxxpredictiveHigh
32Filexxxxxxxxxxxxxxxxx.xxxpredictiveHigh
33Filexx-xxxxxxxx/xxxxx-xx-xxxxx.xxxpredictiveHigh
34Filexx-xxxxxxxxxxx.xxxpredictiveHigh
35Argumentxxx_xxxxpredictiveMedium
36ArgumentxxxxxxxxpredictiveMedium
37Argumentxxxx_xxxxx/xxxx_xxxpredictiveHigh
38ArgumentxxpredictiveLow
39Argumentxxxxxxx[xxxxxx]predictiveHigh
40ArgumentxxxxxxpredictiveLow
41ArgumentxxxxpredictiveLow
42ArgumentxxpredictiveLow
43Argumentxx/xpredictiveLow
44ArgumentxxxxxxxxxxxpredictiveMedium
45ArgumentxxxxxxpredictiveLow
46Argumentxxxxxxxxx_xxxxxxxx_xxxxpredictiveHigh
47ArgumentxxxpredictiveLow
48ArgumentxxxxxxxpredictiveLow
49ArgumentxxxxxxpredictiveLow
50ArgumentxxxxxxxxxxxxxxxxxpredictiveHigh
51ArgumentxxxxxxxxpredictiveMedium
52ArgumentxxxpredictiveLow
53Argumentxxx_xxxxxxxxpredictiveMedium
54ArgumentxxxxxpredictiveLow
55Argument__xxxxxxxxxxxxxpredictiveHigh
56Input Valuexxxxx/xxxxxxxxpredictiveHigh
57Input Valuexxxx -x xxxxxxxx=xxxxxx.xxxxxxx xxxx://xxx.xxx.x.x/xxxxxx.xxxpredictiveHigh
58Network Portxxx/xxxxxpredictiveMedium
59Network Portxxx xxxxxx xxxxpredictiveHigh

References (2)

The following list contains external sources which discuss the actor and the associated activities:

PreviousOverviewNext

Do you need the next level of professionalism?

Upgrade your account now!