Evilnum Analysis

IOB - Indicator of Behavior (52)

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Lang

en: 42
de: 6
fr: 4

Country

io: 38
se: 8
us: 6

Actors

Activities

Interest

Timeline

Type

Vendor

Product

Hancom Office 2010: 2
Hancom Office 2014: 2
Hancom Office 2018: 2
Hancom Office NEO: 2
Basti2web Book Panel: 2

Vulnerabilities

# | Vulnerability | Base | Temp | 0day | Today | Exp | Rem | CTI | EPSS | CVE
1 | unrar integer overflow | 8.5 | 7.7 | $25k-$100k | $0-$5k | Proof-of-Concept | Official Fix | 0.01 | 0.03910 | CVE-2012-6706
2 | OpenResty ngx.req.get_post_args sql injection | 8.5 | 8.2 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.02 | 0.01055 | CVE-2018-9230
3 | PRTG Network Monitor login.htm access control | 8.5 | 8.2 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.02 | 0.09029 | CVE-2018-19410
4 | DZCP deV!L`z Clanportal config.php code injection | 7.3 | 6.6 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.41 | 0.04187 | CVE-2010-0966
5 | phpMyAdmin Setup cross site scripting | 3.5 | 3.4 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.01 | 0.00885 | CVE-2022-23808
6 | Microsoft Exchange Server Outlook Web Access data processing | 4.8 | 4.6 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.03 | 0.03793 | CVE-2019-0817
7 | Microsoft Exchange Server Outlook Web Access input validation | 7.2 | 6.8 | $25k-$100k | $0-$5k | Not Defined | Official Fix | 0.02 | 0.06416 | CVE-2017-11932
8 | MailEnable Enterprise Premium XML Data xml external entity reference | 8.5 | 8.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.02 | 0.00885 | CVE-2019-12924
9 | MailEnable Web Mail list.asp cross site scripting | 6.3 | 5.7 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.04 | 0.01955 | CVE-2007-0651
10 | Synology DiskStation Manager smart.cgi command injection | 7.5 | 7.2 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.05 | 0.61685 | CVE-2017-15889
11 | AuYou Wireless Smart Outlet Socket Remote Control Straisand improper authentication | 6.3 | 5.8 | $5k-$25k | $0-$5k | Proof-of-Concept | Workaround | 0.04 | 0.00000 | 
12 | Huawei Smart Phone Bastet Module double free | 6.4 | 6.1 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.05 | 0.01036 | CVE-2019-5282
13 | Huawei P30 integer overflow | 6.4 | 6.1 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00 | 0.01036 | CVE-2019-5287
14 | Huawei P30 integer overflow | 6.4 | 6.1 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.03 | 0.01036 | CVE-2019-5288
15 | WordPress wpdb->prepare sql injection | 8.5 | 8.4 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.02 | 0.01183 | CVE-2017-16510
16 | George Lewe TeamCal Pro Login index.php path traversal | 7.3 | 6.7 | $0-$5k | $0-$5k | Proof-of-Concept | Unavailable | 0.00 | 0.01319 | CVE-2007-6554
17 | HP Integrated Lights-out Bmc improper authentication | 9.8 | 8.6 | $5k-$25k | $5k-$25k | Unproven | Unavailable | 0.05 | 0.01319 | CVE-2013-4784
18 | AnyDesk DLL Loader untrusted search path | 6.5 | 6.3 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.02 | 0.00885 | CVE-2018-13102
19 | AnyDesk injection | 8.5 | 8.2 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.03 | 0.00885 | CVE-2017-14397
20 | libpng Chunk input validation | 9.8 | 8.6 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.01 | 0.01018 | CVE-2017-12652

IOC - Indicator of Compromise (3)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

ID | IP address | Hostname | Actor | Campaigns | Type | Confidence
1 | 139.28.37.63 | 139.28.37.63.deltahost-ptr | Evilnum |  | verified | High

TTP - Tactics, Techniques, Procedures (11)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

ID | Technique | Vulnerabilities | Access Vector | Type | Confidence
1 | T1006 | CWE-22 | Pathname Traversal | predictive | High
2 | T1055 | CWE-74 | Injection | predictive | High
3 | T1059 | CWE-94 | Cross Site Scripting | predictive | High

IOA - Indicator of Attack (38)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID | Class | Indicator | Type | Confidence
1 | File | /etc/shadow | predictive | Medium
2 | File | /public/login.htm | predictive | High
3 | File | auth-gss2.c | predictive | Medium
4 | File | books.php | predictive | Medium
5 | File | data/gbconfiguration.dat | predictive | High

References (2)

The following list contains external sources which discuss the actor and the associated activities:
