EvilExtractor Analysis

IOB - Indicator of Behavior (63)

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Language

en: 60
es: 2
ko: 2


Activities


Product

Microsoft Windows: 2
Siretta QUARTZ-GOLD: 2
MediaTek MT5221: 2
MediaTek MT6580: 2
MediaTek MT6735: 2


Vulnerabilities

These are the vulnerabilities that we have identified as researched, approached, or attacked.

| # | Vulnerability | Base | Temp | 0day | Today | Exploitability | Countermeasure | KEV | EPSS | CTI | CVE |
|---|---|---|---|---|---|---|---|---|---|---|---|
| 1 | HTMLJunction EZGuestbook information disclosure | 7.3 | 6.4 | $0-$5k | $0-$5k | Proof-of-Concept | Workaround | | 0.01015 | 0.00 | CVE-2005-1660 |
| 2 | DUware DUpaypal detail.asp sql injection | 7.3 | 6.6 | $0-$5k | $0-$5k | Proof-of-Concept | Not defined | | 0.01707 | 0.08 | CVE-2006-6365 |
| 3 | Ivanti Wavelink Avalanche Manager Message out-of-bounds write | 9.1 | 8.8 | $0-$5k | $0-$5k | Proof-of-Concept | Official fix | expected | 0.88925 | 0.03 | CVE-2023-32560 |
| 4 | Synthetic Reality Sympoll index.php cross site scripting | 4.3 | 3.9 | $0-$5k | $0-$5k | Proof-of-Concept | Not defined | | 0.00530 | 0.09 | CVE-2003-1175 |
| 5 | SourceCodester Inventory Management System edit_update.php sql injection | 7.5 | 7.3 | $0-$5k | $0-$5k | Proof-of-Concept | Not defined | | 0.00247 | 0.04 | CVE-2023-4436 |
| 6 | SourceCodester Employee and Visitor Gate Pass Logging System GET Parameter view_designation.php sql injection | 7.1 | 6.9 | $0-$5k | $0-$5k | Proof-of-Concept | Not defined | | 0.00053 | 0.00 | CVE-2023-2090 |
| 7 | Xen x86 Shadow Paging null pointer dereference | 6.6 | 6.5 | $0-$5k | $0-$5k | Not defined | Official fix | | 0.00063 | 0.05 | CVE-2022-42335 |
| 8 | Microsoft Azure Machine Learning information disclosure | 5.4 | 4.7 | $5k-$25k | $0-$5k | Unproven | Official fix | | 0.00606 | 0.00 | CVE-2023-28312 |
| 9 | MediaTek MT8798 WLAN out-of-bounds write | 5.4 | 5.3 | $0-$5k | $0-$5k | Not defined | Official fix | | 0.00032 | 0.00 | CVE-2023-20682 |
| 10 | SourceCodester Simple Task Allocation System manage_user.php sql injection | 7.5 | 7.3 | $0-$5k | $0-$5k | Proof-of-Concept | Not defined | | 0.00052 | 0.00 | CVE-2023-1791 |
| 11 | firefly-iii input validation | 6.8 | 6.8 | $0-$5k | $0-$5k | Not defined | Official fix | | 0.00038 | 0.00 | CVE-2023-1789 |
| 12 | Apple macOS System Settings information disclosure | 3.3 | 3.2 | $0-$5k | $0-$5k | Not defined | Official fix | | 0.00063 | 0.00 | CVE-2023-23542 |
| 13 | Google Android UidObserverController.java register information disclosure | 4.4 | 4.3 | $5k-$25k | $0-$5k | Not defined | Official fix | | 0.00014 | 0.00 | CVE-2023-21029 |
| 14 | Miniflux Mixed Content cross site scripting | 4.6 | 4.5 | $0-$5k | $0-$5k | Not defined | Official fix | | 0.00592 | 0.01 | CVE-2023-27592 |
| 15 | Ansible Semaphore auth.go improper authentication | 8.0 | 7.9 | $0-$5k | $0-$5k | Not defined | Official fix | | 0.00327 | 0.02 | CVE-2023-28609 |
| 16 | Microsoft Windows Printer Driver privilege escalation | 8.8 | 8.1 | $25k-$100k | $5k-$25k | Unproven | Official fix | | 0.03462 | 0.00 | CVE-2023-23406 |
| 17 | WH Testimonials Plugin cross site scripting | 5.9 | 5.8 | $0-$5k | $0-$5k | Not defined | Not defined | | 0.00540 | 0.00 | CVE-2023-1372 |
| 18 | Proofpoint Enterprise Protection Webutils neutralization of directives | 8.8 | 8.8 | $0-$5k | $0-$5k | Not defined | Not defined | | 0.00304 | 0.00 | CVE-2023-0089 |
| 19 | Microsoft Windows Remote Desktop/Terminal Services Web Connection improper authentication | 6.3 | 6.2 | $25k-$100k | $0-$5k | Not defined | Workaround | | 0.00000 | 0.08 | |
| 20 | DrayTek Vigor 2960 Web Management Interface mainfunction.cgi command injection | 7.7 | 7.6 | $0-$5k | $0-$5k | Proof-of-Concept | Not defined | | 0.19982 | 0.00 | CVE-2023-1162 |

IOC - Indicator of Compromise (2)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

| ID | IP address | Hostname | Actor | Campaigns | Identified | Type | Confidence |
|---|---|---|---|---|---|---|---|
| 1 | 89.116.53.55 | | EvilExtractor | | 04/26/2023 | verified | High |
| 2 | XXX.XX.XX.XXX | | Xxxxxxxxxxxx | | 04/26/2023 | verified | High |

TTP - Tactics, Techniques, Procedures (7)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IOA - Indicator of Attack (33)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

| ID | Class | Indicator | Type | Confidence |
|---|---|---|---|---|
| 1 | File | /admin/maintenance/view_designation.php | predictive | High |
| 2 | File | /apply.cgi | predictive | Medium |
| 3 | File | /forum/PostPrivateMessage | predictive | High |
| 4 | File | /login/index.php | predictive | High |
| 5 | File | /see_more_details.php | predictive | High |
