EvilBunny Analysis

IOB - Indicator of Behavior (88)

Lang

en 62
fr 6
pl 6
zh 6
es 4

Activities

Product

Google Android 6
Samsung Galaxy S4 4
Samsung Galaxy S6 4
Samsung Note 3 4
FFmpeg 4

Vulnerabilities

# | Vulnerability | Base (CVSS) | Temp (CVSS) | 0day price | Today price | Exploit | Remediation | CTI | EPSS | CVE
1 | vBulletin moderation.php sql injection | 7.3 | 7.0 | $0-$5k | $0-$5k | High | Official Fix | 0.04 | 0.01564 | CVE-2016-6195
2 | DZCP deV!L`z Clanportal config.php code injection | 7.3 | 6.6 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.64 | 0.04187 | CVE-2010-0966
3 | wp-google-maps Plugin REST API class.rest-api.php input validation | 8.5 | 8.2 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.04 | 0.45979 | CVE-2019-10692
4 | GNU Tar Remote Code Execution | 9.8 | 9.8 | $0-$5k | Calculating | Not Defined | Not Defined | 0.02 | 0.01055 | CVE-2005-2541
5 | node-jsonwebtoken jwt.verify input validation | 8.3 | 8.2 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.13 | 0.10855 | CVE-2022-23529
6 | NetIQ Advanced Authentication Multi-Factor Authentication improper authentication | 6.3 | 6.1 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.04 | 0.00885 | CVE-2022-38753
7 | mndpsingh287 WP File Manager Backup fm_backups information disclosure | 6.4 | 6.4 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.02 | 0.73020 | CVE-2020-24312
8 | Google Android bta_hf_client_at.cc bta_hf_client_handle_cind_list_item out-of-bounds write | 8.5 | 8.4 | $25k-$100k | $5k-$25k | Not Defined | Official Fix | 0.03 | 0.15362 | CVE-2022-20229
9 | IBM Tivoli Provisioning Manager Express for Software Distribution ActiveX Control stack-based overflow | 10.0 | 10.0 | $25k-$100k | Calculating | High | Not Defined | 0.04 | 0.62277 | CVE-2012-0198
10 | Com Datsogallery sub_votepic.php sql injection | 7.3 | 6.9 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.07 | 0.00986 | CVE-2008-5208
11 | Laurent Destailleur AWStats awredir.pl cross site scripting | 8.8 | 8.4 | $0-$5k | $0-$5k | High | Official Fix | 0.02 | 0.01018 | CVE-2012-4547
12 | JContentSubscription register.php Local Privilege Escalation | 5.3 | 5.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.01 | 0.00000 | (no CVE)
13 | Cisco Secure Email and Web Manager Web-based Management Interface improper authentication | 9.8 | 9.6 | $25k-$100k | $5k-$25k | Not Defined | Official Fix | 0.06 | 0.01055 | CVE-2022-20798
14 | jQuery html cross site scripting | 5.8 | 5.1 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.07 | 0.63807 | CVE-2020-11023
15 | nginx request smuggling | 6.9 | 6.9 | $0-$5k | $0-$5k | Not Defined | Not Defined | 4.05 | 0.00000 | CVE-2020-12440
16 | Microsoft Office Visio Remote Code Execution | 7.3 | 6.7 | $5k-$25k | $0-$5k | Unproven | Official Fix | 0.02 | 0.04475 | CVE-2022-24510
17 | Citrix Netscaler Gateway access control | 6.5 | 5.7 | $5k-$25k | Calculating | Unproven | Official Fix | 0.00 | 0.01132 | CVE-2014-8580
18 | CPG-Nuke Dragonfly CMS install.php path traversal | 7.3 | 6.9 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00 | 0.10995 | CVE-2006-0644
19 | lighttpd mod_evhost path traversal | 5.3 | 5.1 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.04 | 0.37149 | CVE-2014-2324
20 | Apple macOS Login Window state issue | 4.3 | 4.1 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.06 | 0.00954 | CVE-2021-30702

IOC - Indicator of Compromise (20)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

TTP - Tactics, Techniques, Procedures (13)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IOA - Indicator of Attack (50)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID | Class | Indicator | Type | Confidence
1 | File | /category.php | predictive | High
2 | File | /error | predictive | Low
3 | File | /etc/passwd | predictive | Medium
4 | File | /getcfg.php | predictive | Medium
5 | File | awredir.pl | predictive | Medium
6 | File | bta_hf_client_at.cc | predictive | High
7 | File | xx_xxxxxxx | predictive | Medium
8 | File | xxxxxxxxxxx/xxxxxxxx/xxxxxxxxxx.xxx | predictive | High
9 | File | xx/xxxxx.x | predictive | Medium
10 | File | xxx/xxxxxx.xxx | predictive | High
11 | File | xxxxxxxx/xxxxx.xxxx-xxx.xxx | predictive | High
12 | File | xxxxx.xxx | predictive | Medium
13 | File | xxxxx.xxx | predictive | Medium
14 | File | xxxxxxx.xxx | predictive | Medium
15 | File | xxxxxxxxxx/xxx.x | predictive | High
16 | File | xxxxxxxxxx/xxxxxx.x | predictive | High
17 | File | xxxxxxxxx/xxxxxxx/xxxxxx/xxxxxxxxxx.xxx | predictive | High
18 | File | xxx/xxx_xxxx_xxx.x | predictive | High
19 | File | xxxxxxx/xxxxxxx/xxx_xxxxxxx.x | predictive | High
20 | File | xxx-xxxx.xxx | predictive | Medium
21 | File | xxxxx.xxx | predictive | Medium
22 | File | xxxxxxxxxxxx.xxx | predictive | High
23 | File | xxx_xxxxxxx.xxx | predictive | High
24 | File | xxxxxx_xxx.xxx | predictive | High
25 | File | xxxx/xxxxxxxxx.x | predictive | High
26 | File | xxxx/xxx/xxxx-xxxxx.xxx | predictive | High
27 | File | xxxx/xxxxxxxx.xxx | predictive | High
28 | File | xxxxxxxxxxxxxxxxx.xxx | predictive | High
29 | File | xx-xxxxxxxx/xxxxx-xx-xxxxx.xxx | predictive | High
30 | File | xx-xxxxxxxxxxx.xxx | predictive | High
31 | Argument | xxx_xxxx | predictive | Medium
32 | Argument | xxxxxxxx | predictive | Medium
33 | Argument | xx | predictive | Low
34 | Argument | xxxxxxx[xxxxxx] | predictive | High
35 | Argument | xxxxxx | predictive | Low
36 | Argument | xxxx | predictive | Low
37 | Argument | xx/x | predictive | Low
38 | Argument | xxxxxxxxxxx | predictive | Medium
39 | Argument | xxxxxx | predictive | Low
40 | Argument | xxxxxxxxx_xxxxxxxx_xxxx | predictive | High
41 | Argument | xxxxxxx | predictive | Low
42 | Argument | xxxxxx | predictive | Low
43 | Argument | xxxxxxxxxxxxxxxxx | predictive | High
44 | Argument | xxxxxxxx | predictive | Medium
45 | Argument | xxx | predictive | Low
46 | Argument | xxxxx | predictive | Low
47 | Argument | __xxxxxxxxxxxxx | predictive | High
48 | Input Value | xxxxx/xxxxxxxx | predictive | High
49 | Input Value | xxxx -x xxxxxxxx=xxxxxx.xxxxxxx xxxx://xxx.xxx.x.x/xxxxxx.xxx | predictive | High
50 | Network Port | xxx xxxxxx xxxx | predictive | High
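One practical use of the IOA table is to sweep web-server access logs for the listed file fragments. The script below is an added example written for this page, not code from the page or from the database vendor: it takes the six File indicators whose values are shown in clear above (the masked entries are left out), URL-decodes each request path twice so encoded and double-encoded traversal still matches, and returns the matching lines with the highest confidence among the hits. The log lines are constructed for the demo; the IP addresses and timestamps are placeholders.

```python
"""Sweep access-log lines for the IOA file fragments listed on this page.

Added example. Indicator list copied from the unmasked rows of the IOA table;
the sample log below is constructed and does not come from the page.
"""
import re
from urllib.parse import unquote

# (indicator, class, confidence) from the IOA table above (unmasked rows only).
IOA_INDICATORS = [
    ("/category.php", "File", "High"),
    ("/error", "File", "Low"),
    ("/etc/passwd", "File", "Medium"),
    ("/getcfg.php", "File", "Medium"),
    ("awredir.pl", "File", "Medium"),
    ("bta_hf_client_at.cc", "File", "High"),
]

CONF_RANK = {"Low": 1, "Medium": 2, "High": 3}

# Constructed sample lines in Apache/nginx combined log format (not real traffic).
SAMPLE_LOG = """\
203.0.113.7 - - [10/Mar/2024:10:01:02 +0000] "GET /index.php HTTP/1.1" 200 512 "-" "Mozilla/5.0"
203.0.113.7 - - [10/Mar/2024:10:01:05 +0000] "GET /category.php?id=1%27%20OR%201%3D1 HTTP/1.1" 200 1284 "-" "Mozilla/5.0"
198.51.100.9 - - [10/Mar/2024:10:02:11 +0000] "GET /getcfg.php?file=..%252F..%252F..%252Fetc%252Fpasswd HTTP/1.1" 404 169 "-" "curl/8.0"
198.51.100.9 - - [10/Mar/2024:10:02:13 +0000] "GET /cgi-bin/awstats/awredir.pl?url=http://203.0.113.7/ HTTP/1.1" 302 0 "-" "curl/8.0"
192.0.2.44 - - [10/Mar/2024:10:03:00 +0000] "GET /error HTTP/1.1" 200 300 "-" "Mozilla/5.0"
"""

# Combined log format: client IP, two ident/user fields, [timestamp], "METHOD PATH PROTO", status
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+) [^"]*" (?P<status>\d{3})'
)


def normalize_path(path):
    """URL-decode twice (catches %252F double encoding) and lower-case for matching."""
    return unquote(unquote(path)).lower()


def scan_line(line, indicators=IOA_INDICATORS, min_conf="Low"):
    """Return a hit record for one log line, or None if it does not match.

    Hits below min_conf are discarded, which is how a noisy Low-confidence
    fragment such as /error is kept out of an alerting pipeline.
    """
    m = LOG_RE.match(line)
    if not m:
        return None
    path = normalize_path(m.group("path"))
    threshold = CONF_RANK[min_conf]
    hits = [
        (ind, cls, conf)
        for ind, cls, conf in indicators
        if ind.lower() in path and CONF_RANK[conf] >= threshold
    ]
    if not hits:
        return None
    max_conf = max(hits, key=lambda h: CONF_RANK[h[2]])[2]
    return {
        "ip": m.group("ip"),
        "ts": m.group("ts"),
        "path": m.group("path"),
        "status": int(m.group("status")),
        "hits": hits,
        "max_conf": max_conf,
    }


def scan_log(text, indicators=IOA_INDICATORS, min_conf="Low"):
    """Scan every line of a log text and return the list of hit records."""
    results = []
    for line in text.splitlines():
        rec = scan_line(line, indicators, min_conf)
        if rec:
            results.append(rec)
    return results


def hits_by_source(results):
    """Count matching requests per client IP, useful for spotting a scanning host."""
    counts = {}
    for rec in results:
        counts[rec["ip"]] = counts.get(rec["ip"], 0) + 1
    return counts


if __name__ == "__main__":
    for rec in scan_log(SAMPLE_LOG):
        frags = ", ".join(h[0] for h in rec["hits"])
        print(f'{rec["ip"]} {rec["status"]} {rec["max_conf"]:6} {rec["path"]}  <- {frags}')
    print(hits_by_source(scan_log(SAMPLE_LOG, min_conf="Medium")))
```

Substring matching on a decoded path is deliberately loose: it trades some false positives (any request mentioning awredir.pl) for coverage of encoded and traversal-style variants, and the min_conf threshold is the knob for tuning that down. In production the indicator list would be loaded from the vendor feed rather than copied by hand, and the Argument and Input Value classes would need the query string and request body rather than just the path.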

References (2)

The following list contains external sources which discuss the actor and the associated activities: